Adding a Trusted Identity Provider

If you use the OAuth 2.0 SAML Bearer Assertion workflow, you must add a trusted identity provider to SAP Analytics Cloud.

Prerequisites

The corresponding OAuth Client must be added to SAP Analytics Cloud. For more information, see Managing OAuth Clients.

Context

The OAuth 2.0 SAML Bearer Assertion workflow allows a third-party application access to protected SAP Analytics Cloud resources without prompting users to log into SAP Analytics Cloud when there is an existing SAML assertion from the third-party application identity provider.

Note

Both SAP Analytics Cloud and the third-party application must be configured with the same identity provider.

Procedure

Go to (Main Menu) System Administration App Integration.
In Trusted Identity Providers, select Add a Trusted Identity Provider.
In the dialog, add a unique Name for the trusted identity provider. This name is used only for identification purposes, and will appear in the list of trusted identity providers.
Add the identity provider name. The Provider Name must be unique. For example, if a third-party application running on an SAP Cloud Platform (SAPCP) system, this value is the local provider name of the SAPCP account.

Note
The provider name can contain only alphabet characters (a-z & A-Z), numbers (0-9), underscore (_), dot (.), hyphen (-), and cannot exceed 36 characters.
Provide signing certificate information for the third-party application server.

Note
The signing certificate information must be in X.509 Base64 encoded format.
Select Add.

Next Steps

The identity providers that you added will appear in lists on the App Integration page. Hover over an identity provider and select (Edit) to update information or (Delete) to delete it.

You may need to use the Authorization URL and Token URL listed here to complete setup on your OAuth clients.