Mapping SAML Attributes to Users
You can map existing SAML user or group attributes to SAP Analytics Cloud user profiles.
Prerequisites
-
SAP Analytics Cloud is running on an SAP data center.
Determine which environment SAP Analytics Cloud is hosted in by inspecting your SAP Analytics Cloud URL:
- A single-digit number, for example us1 or jp1, indicates an SAP data center.
- A two-digit number, for example eu10 or us30, indicates a non-SAP data center.
NoteIf SAP Analytics Cloud is running on a non-SAP data center, you must do the user mapping in your SAML identity provider, and the steps below do not apply. For more information, see Step 6 in Enabling a Custom SAML Identity Provider. - When you map SAML attributes to users, you'll need your Subaccount (S-User) details. Have these ready before you start. To find your S-User information, in SAP Analytics Cloud go to .
- You or the owner of your organization’s S-User account must submit an SAP Product Support Incident using the component:
LOD-ANA-BI. In the support ticket, indicate that you want
to map SAML attributes to user profiles, and include your SAP Analytics Cloud tenant
URL.NoteYou need to open a support ticket each time you switch to a different custom IdP.
- You have configured your system to authenticate users against a custom SAML Identity Provider (IdP). You are logged on with a SAML account that is assigned an administrative role in SAP Analytics Cloud. And your custom SAML IdP is configured to return one or more SAML user attributes in the SAML assertions that are issued to authenticated SAML users.
Context
- First Name
- Last Name
- Display Name
- Functional Area
- Language
- Custom1, Custom 2, and so on
Procedure
Results
Next Steps
To edit a user's SAML mapping, go to the Users page of the Security area, and select the SAML Mapping you want to modify. Add a new SAML Mapping and press Enter, or select another cell to verify the new mapping. Select (Save) to set the new mapping.
A confirmation email will be sent to the email address linked to the new mapping.
As long as a user has not logged on to the system with the new information, the SAML mapping will appear in pending state on the Users list.