Human Capital Management Blogs by Members
AhmedAranda
  • IAS tenant preparation: log on to the Identity Authentication service tenant
  1. Navigate to Identity Provisioning > Source > Properties and set the value of sf.user.filter to active eq "true".
  2. Navigate to Identity Provisioning > Source > Outbound Certificates and make sure the certificate is valid; if not, generate a new one, delete the old one, and activate automatic generation.
  3. Navigate to Identity Provisioning > Target > Outbound Certificates and make sure the certificate is valid; if not, generate a new one, delete the old one, and activate automatic generation.

Note: If SAP has not provided the IAS tenant links, you can activate the tenant from the Upgrade Center; after completing the configuration, testing and activation are done again from the Upgrade Center.

  • Create trust between Azure Active Directory and Identity Authentication service

Step 1: Download Identity Authentication service tenant metadata

Navigate to Applications and Resources > Tenant Settings > Single Sign-On > SAML 2.0 Configuration and download the IAS metadata file.

Download the metadata file.

Step 2: Create enterprise application in Azure Active Directory

Navigate to Enterprise applications and click New application.

Azure Active Directory has templates for a variety of applications; one of them is SAP Cloud Platform Identity Authentication Service. Search for it and select it.

A new pane appears on the right where you name the application. Enter a name and click Add.

Go to Single sign-on and select SAML as the single sign-on method.

Step 3: Upload the IAS tenant metadata file downloaded in Step 1

Select the application you just created and click Upload metadata to upload the metadata file from Identity Authentication service.

All the details are now taken from the metadata file; nothing else needs to be entered, so click Save.

Step 4: Download single sign-on metadata from Azure Active Directory

Download the federation metadata file of the application.

With this information we can set up the trust between Azure Active Directory and Identity Authentication service.

Step 5: Create corporate identity provider in IAS

Go back to IAS and navigate to Identity Providers > Create, choosing the type Microsoft ADFS / Entra AD (SAML 2.0).

Step 6: Upload the Azure Active Directory federation metadata file

Click SAML 2.0 Configuration to upload the federation metadata you just downloaded from Azure Active Directory.

Choose the file from your local file system.

All fields below are filled automatically from the information in the uploaded file.

Click Save at the top of the page.

Step 7: Add a user to the Users and groups of the Microsoft Azure application

Go back to your overview of enterprise applications in Microsoft Azure AD and click your application. Add a user by clicking Add user in the Users and groups submenu.

Click the result tile to select the user, who then appears in the Selected members panel. Finish the assignment by clicking Select and then Assign.

Congratulations, you have now created trust between Azure Active Directory and Identity Authentication service.
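Both sides of the trust auto-fill their settings from the metadata file uploaded in Steps 3 and 6, so it pays to look inside those files before saving. The following added example (stdlib Python, not code from this post or from SAP or Microsoft) parses a constructed pair of such files and flags the points a reviewer would check; tenant IDs, hostnames and the certificate value are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def parse_saml_metadata(xml_text):
    """Return the facts one side imports when the other side's metadata file is uploaded."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp, sp = root.find("md:IDPSSODescriptor", NS), root.find("md:SPSSODescriptor", NS)
    role = idp if idp is not None else sp
    if role is None:
        raise ValueError("neither IDPSSODescriptor nor SPSSODescriptor present")
    # Where the IdP accepts AuthnRequests, or where the SP accepts assertions.
    endpoints = [(e.get("Binding").rsplit(":", 1)[-1], e.get("Location")) for e in
                 role.findall("md:SingleSignOnService", NS) + role.findall("md:AssertionConsumerService", NS)]
    # A KeyDescriptor without a 'use' attribute covers signing as well as encryption.
    certs = [c.text.strip() for k in role.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")
             for c in k.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "role": "IdP" if idp is not None else "SP",
            "endpoints": endpoints, "signing_certs": certs,
            "wants_signed_assertions": role.get("WantAssertionsSigned") == "true"}

def check_trust_inputs(idp, sp):
    """Findings worth raising before clicking Save on either side of the trust."""
    findings = []
    if (idp["role"], sp["role"]) != ("IdP", "SP"):
        findings.append("files swapped: the Azure AD file describes the IdP, the IAS file the SP")
    if not idp["signing_certs"]:
        findings.append("IdP metadata has no signing certificate; assertions could not be verified")
    if not sp["wants_signed_assertions"]:
        findings.append("SP does not require signed assertions")
    return findings

# Constructed sample files shaped like the two exchanged in the post; tenant, host and
# certificate values are placeholders, not real ones.
IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   MIIC-PLACEHOLDER-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""
SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://ias-tenant-placeholder.accounts.ondemand.com">
 <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" index="0"
   Location="https://ias-tenant-placeholder.accounts.ondemand.com/saml2/idp/acs/placeholder"/>
 </SPSSODescriptor></EntityDescriptor>"""
```

Running `check_trust_inputs(parse_saml_metadata(IDP_METADATA), parse_saml_metadata(SP_METADATA))` on the samples returns no findings; feeding the files in the wrong order, or an IdP file whose only certificate is marked for encryption, produces one.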

  • IAS tenant final preparation:

Navigate to Identity Provisioning > Source > Jobs and run the Read Job now to read all users from SuccessFactors; then schedule the job so that future new hires are provisioned as well.

Navigate to Applications and Resources > Applications > SuccessFactors > Conditional Authentication and create a rule for every domain that should access the system through the identity provider you created. This step defines which domains log in via SSO; any other domain is authenticated by the default identity provider.

Set the Default Identity Provider as Identity Authentication.

Navigate to Identity Providers > Identity Federation and switch on both Use Identity Authentication user store and User Access.

Now you can test. Make sure the user you test with already exists in the SF tenant.

Hope you enjoy the process.

Thanks

Ahmed Aranda 
