SAP Cockpit SSO

HarshC · ‎02-13-2020

Hello Experts,

I'm familiar with the SSO setup to allow application users to access SCP services via SSO.

We've configured SSO for our CPI developers using ADFS as the IDP.

However, in this case, we are still using SUser ID's to login to the SCP Cockpit.

How do I configure SSO for platform users logging into SAP Cloud Cockpit itself?

I found the following link: https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.04/en-US/eb89d22492ab48bea3f3ff9b79...

1) Is this the right link? If not, can you please point me to the right documentation for Cockpit SSO.

2) The link seems to indicate that I must use SAP Identity Authentication Service for SSO to the Cockpit. Is that true? Is there a way to do this without using SAP's IDP?

Thanks for your help with this.

LutzR · ‎02-14-2020

Hi Harsh,

follow documentation and advice given by ajennings and lucasvaccaro .

But also be aware that there are more pitfalls than the Cloud Connector:

The concept of a Platform Identity Provider is only available on the Neo side of the SCP. It is missing completely on the Cloud Foundry side.

In case you decide to use an IAS as a Platform Identity Provider and dare to configure that IAS to proxy your central IDP, then you will run into trouble with several more services. E.g. Java deployments will be broken as well as the access to console client. So proxying your IDP (and therefore SSO) might not be possible at all.

So the Platform Identity Provider concept is half-baked on the Neo side and not available at all on the Cloud Foundry side. Try carefully and don't expect too much.

Cheers, Lutz

SAP Cockpit SSO

Re: Custom sorting with BW 7.3 source system at We...

Re: standard LIKP table not getting activated afte...

Re: BW extractor 2LIS_02_SCL showing different res...

Re: How to share IQ multiplex DBFiles opened with ...

Re: Messages in SAC Handling with BW Live Connecti...