SAP Cloud Connector-based Mobile Single Sign-On
Learn how to enable a direct and seamless single sign-on (SSO) experience for both iOS and Android mobile app users based on the SAPCP Cloud Connector.
Note
Currently this method only works with the mobile app to connect to your live SAP BW/4HANA,
S/4HANA, and SAP HANA data sources. Backend Configuration Requirements
Before enabling SSO through the cloud connector, you must ensure that the backend tasks
described below have been implemented and properly validated.
- Your SAP Analytics Cloud system must
be configured to use the cloud connector. A sub account should be created in
your system for the connector. For detailed information on configuring the
SAPCP Cloud Connector, see Configuring the SAPCP Cloud Connector. NoteTunnel Connection is supported for the Android mobile app but not available for the iOS app.NoteThe sub account for the connector includes settings for Location ID, Virtual Host, and Port. These setting values will be required for enabling SSO for the mobile app.
- Create a live data connection from the cloud connector to your live data source. For more information, see Live Data Connections Advanced Features Using the SAPCP Cloud Connector.
- Configure your on premise live data sources to use the SAP cloud connector. For details on how to configure your live data source, seeConfigure Your On-Premise Systems to Use the SAPCP Cloud Connector.
- Set up trust between SAP Analytics Cloud and
your live data source. For set up instructions, see Set Up Trust Between SAPCP Cloud Connector and Your On-Premise ABAP Systems (BW or S/4HANA).
Once all these background steps have been accomplished and verified, the cloud connector is able to propagate credentials from your SAP Analytics Cloud to your live data source.
Enabling Single Sign-On for Mobile
To enable SSO, you need to specify required settings when setting up your live data
connection.
Note
The default virtual host and port are the internal host and
port. You can rename the host and port so that the internal host name and port
are not exposed. The virtual host name and port are specified when configuring
the SAPCP Cloud Connector. For more information, see Configuring the SAPCP Cloud ConnectorNote
Before using SSO through the cloud connector, make sure that the Allow live
data to securely leave my network switch is enabled from . For more details, see Live Data Connections Advanced Features Using the SAPCP Cloud Connector, and for system settings see
Administration.- Select SAML Single Sign On from the list under Authentication Method.
- Select the Enable Single Sign-On for mobile app users box.
- Provide the cloud connector instance for your system in Location
ID.NoteEach cloud connector instance must use a different location.
- If you are using SAP HANA as your live data source, enter your SAML Provider Name.
- Select OK.
Validating Single Sign-On for mobile app users
Once you have set up SSO via the cloud connector, it is strongly recommended that you validate
that the authentication works by doing either of the following:
- If you have configured SSO for an existing live data connection that is associated with stories in the Mobile app, open a story. You should not be prompted for authentication credentials for your live data source.
- If you have configured SSO for a new live data connection, create a new story based on this connection. You should not be prompted for authentication credentials to the live data source when accessing the story.