SAP Cloud Connector-based Mobile Single Sign-On

Learn how to enable a direct and seamless single sign-on (SSO) experience for both iOS and Android mobile app users based on the SAPCP Cloud Connector.

Note
Currently, this method only works for the mobile app connecting to your live SAP BW/4HANA, S/4HANA, and SAP HANA data sources.
Backend Configuration Requirements
Before enabling SSO through the cloud connector, you must ensure that the backend tasks described below have been implemented and properly validated.
  1. Your SAP Analytics Cloud system must be configured to use the cloud connector. A sub account should be created in your system for the connector. For detailed information on configuring the SAPCP Cloud Connector, see Configuring the SAPCP Cloud Connector.
    Note
    Tunnel Connection is supported for the Android mobile app but not available for the iOS app.
    Note
    The sub account for the connector includes settings for Location ID, Virtual Host, and Port. These values are required when you enable SSO for the mobile app.
  2. Create a live data connection from the cloud connector to your live data source. For more information, see Live Data Connections Advanced Features Using the SAPCP Cloud Connector.
  3. Configure your on-premise live data sources to use the SAP cloud connector. For details on how to configure your live data source, see Configure Your On-Premise Systems to Use the SAPCP Cloud Connector.
  4. Set up trust between SAP Analytics Cloud and your live data source. For setup instructions, see Set Up Trust Between SAPCP Cloud Connector and Your On-Premise ABAP Systems (BW or S/4HANA).

    Once all these background steps have been accomplished and verified, the cloud connector is able to propagate credentials from your SAP Analytics Cloud to your live data source.

Enabling Single Sign-On for Mobile
To enable SSO, you need to specify required settings when setting up your live data connection.
Note
The default virtual host and port are the internal host and port. You can rename the host and port so that the internal host name and port are not exposed. The virtual host name and port are specified when configuring the SAPCP Cloud Connector. For more information, see Configuring the SAPCP Cloud Connector.
Note
Before using SSO through the cloud connector, make sure that the Allow live data to securely leave my network switch is enabled from System > Administration > Data source Configuration. For more details, see Live Data Connections Advanced Features Using the SAPCP Cloud Connector, and for system settings see Administration.
  1. Select SAML Single Sign On from the list under Authentication Method.

  2. Select the Enable Single Sign-On for mobile app users box.
  3. Provide the cloud connector instance for your system in Location ID.
    Note
    Each cloud connector instance must use a different location.
  4. If you are using SAP HANA as your live data source, enter your SAML Provider Name.
  5. Select OK.
Validating Single Sign-On for mobile app users
Once you have set up SSO via the cloud connector, it is strongly recommended that you validate that the authentication works by doing either of the following:
  • If you have configured SSO for an existing live data connection that is associated with stories in the Mobile app, open a story. You should not be prompted for authentication credentials for your live data source.
  • If you have configured SSO for a new live data connection, create a new story based on this connection. You should not be prompted for authentication credentials to the live data source when accessing the story.