Using the 'None' Authentication Option
For many live data connections, you can choose None as your authentication option.
Single Sign-On (SSO) using SAML 2.0 is recommended when you are creating live data connections, but if your SSO method does not support SAML 2.0, you can still use it with SAP Analytics Cloud.
SSO based on SAML 2.0
For SAML 2.0 authentication, when creating a live connection, you must select SSO as your authentication method.
- SSO with one central identity management system. For example, a SAML 2 Identity Provider.
- Works across both intranet and Internet.
- Works on all devices with a supported web browser.
- A SAML 2 Identity Provider must be setup to manage identities for both SAC and HANA.
SSO without SAML 2.0
For all other types of SSO you must select None as your authentication method. Any authentication type supported by your SAP HANA system can be used, including X.509 Client Certificate authentication, Kerberos/SPNego authentication, or SAP Logon Tickets.
- Offers the same SSO user experience without the need to purchase a SAML 2 Identity Provider or implementing SAML 2.
- Slight performance improvement brought by reducing landscape complexity.
- SAP HANA needs to configured with an automated authentication option, if you have not done this already.
- Although providing an SSO user experience, identities on SAP Analytics Cloud and SAP HANA are not centrally managed. The user logged on to SAP Analytics Cloud may not necessarily be the same user logged on to your on-premise SAP HANA system.
- The authentication option may not work in all use cases. For example, X.509 Client Certificate authentication requires that an existing PKI infrastructure must be in place in the corporate network, and that the user’s browser has access to the user’s certificate.
- Kerberos/SPNego authentication only works in the intranet scenario, as Kerberos is an intranet authentication protocol.
- SAP Logon Ticket authentication can only be used in embedding scenarios, and the portal that embeds the SAP Analytics Cloud content must be able to issue SAP Logon Ticket beforehand. Additionally, the portal and the SAP HANA system must be in the same DNS sub-domain.
How to Setup Automated Authentication
For details on how to setup automated authentication on your SAP HANA system, see the following: