cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Analytics Cloud to Azure AD user mapping

Go to solution
Former Member

on ‎04-26-2018 3:13 AM

Hello,

We are working on setting up SSO between SAP Analytics Cloud & Azure AD using SAML. If the name ID or email case in Azure AD doesn't match the case defined in Analytics cloud, how else can the user attribute be mapped?

In our case, user ids are defined as <FIRSTNAMEFIRSTLETTER><Lastname> and email is defined as <FIRSTNAMEFIRSTLETTER><Lastname>@<DOMAIN>.COM in Azure AD. However in Analytics cloud, username is all uppercase <FIRSTNAMEFIRSTLETTER><LASTNAME> while the email is all lower case <firstnamefirstletter><lastname>@<domain>.com.

I am trying to come up with a way on how the user can be mapped between IDP & SAC. The existing user identifiers in Azure AD - userprincipalname, user.mail, Join(), ExtractMailPrefix() doesn't seem to help in my scenario due to the case mismatch.

Is there anyway we can achieve this mapping for SAML to work?

Regards,

Sid

Show replies
Show replies
JohnL
Product and Topic Expert
Product and Topic Expert
‎05-01-2018 4:15 PM
0 Kudos

Hi Sid,

Were you able to get this working?

Former Member
‎05-20-2018 1:37 AM
0 Kudos

Hi John,

We haven't turned this on yet. Working thru on some other issues. I had follow up questions that I just posted below. Hoping someone is able to answer that as well.

Answer

Accepted Solutions (1)

Accepted Solutions (1)

julian_jimenez
Active Contributor
‎04-26-2018 9:29 AM

Hi Sid,

You can always select Custom SAML User Mapping. There are three methods to map your users: USER ID, email and "SAML User Mapping". That will open a new column in your Security > Users that will allow you to type whatever you want. You can type whatever you need to match the "Name ID" claim returned by Azure AD.

Cheers,

Julian

Show replies
Show replies
Former Member
‎05-20-2018 1:35 AM
0 Kudos

Julian - just following up with couple more questions based on your answer

1) Can we switch the IDP back to SAP cloud from Azure in future if there are any configuration issues? I read someplace that once we switch the IDP to use custom SAML mapping, then we cannot switch back.

2) Also, in one of your blog post questions, you did mention that the SAP team is coming up with a workaround to login into SAC if the IDP is down (for any reason). Is that workaround available yet?

Regards,

Sid

Answers (0)

Ask a Question