Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Configure SSO from Salesforce to SAP HANA

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Configure SSO from Salesforce to SAP HANA

            Let your users log in to SAP HANA using single sign-on (SSO) from your Salesforce org configured as an identity provider.

            Required Editions

            Available in: Lightning Experience and Salesforce Classic
            Available in: Enterprise, Performance, Unlimited, and Developer Editions

            When you set up your SAP HANA as a service provider and configure a connected app, users can access HANA using their Salesforce login credentials. Follow these high-level steps to configure SSO for Salesforce to SAP HANA.

            To complete these steps, you need a SAML-enabled admin account for SAP HANA and an application deployed on your SAP HANA cloud.

            Set Up Your Salesforce Org as an Identity Provider

            With the My Domain feature, your Salesforce org is enabled as an identity provider. My Domain is required for all orgs. If you don’t like your org’s My Domain name, you can change it.

            The My Domain feature also creates a certificate and key pair. The certificate establishes trust between your Salesforce org and ADP. Optionally, you can use another self-signed certificate or import a CA-signed certificate.

            To provide a certificate and other information about your org to SAP HANA:

            1. From Setup, enter Identity Provider in the Quick Find box, and select Identity Provider.
            2. Click Download Metadata.

            Configure SAML Settings in SAP HANA

            1. Log in to your SAP HANA cloud account as an administrator.
            2. Under TRUST, select Local Service Provider, and click Edit.
            3. For Configuration Type, select Custom.
            4. In Local Provider Name, copy and save the URL. You need the URL later when you set up a connected app in Salesforce.
            5. To create a self-signed certificate that SAP HANA uses to establish trust with Salesforce as the identity provider, click Generate Key Pair.

              local provider settings

            6. To enable application-to-application SSO, enable Principal Propagation.
            7. To use SSO, disable Force Authentication. Otherwise, to force users to reauthenticate to SAP HANA, enable this setting. Save the settings.

              enable propagation and force authentication

            8. On the Trusted Identity Provider tab, click Add Trusted Identity Provider.

              add trusted IdP

            9. Under IdP Settings, upload the Salesforce metadata file you downloaded earlier. Uploading the metadata file automatically populates many fields for you. Save the settings.

              upload metadata

            Create a Connected App in Salesforce

            1. In Salesforce, create a connected app.
              • In Lightning Experience, from Setup, enter App in the Quick Find box, and select App Manager. Click New Connected App.
              • In Salesforce Classic, from Setup, enter Apps in the Quick Find box, and select Apps. Under Connected Apps, click New.
            2. Configure the connected app Basic Information settings.
              1. Enter a name for the SAP HANA connected app. Salesforce uses this name to populate the API name.
              2. Enter your email address in case Salesforce needs to contact you or your support team.
              3. Optionally, upload or specify a logo and icon to represent your SAP HANA application in the Salesforce App Launcher.

                basic settings for the connected app

            3. Configure the connected app Web App Settings.
              1. Select Enable SAML.
              2. For Entity Id, enter the local provider name you saved earlier.
              3. For ACS URL, enter the value for the SAP HANA cloud platform, for example, https://authn.hanatrial.ondemand.com/saml2/sp/acs/p179870387/p179870387.
              4. For Subject Type, select Federation ID. A federation ID is a unique value assigned to the user across multiple web services and Salesforce orgs.
              5. For Name ID Format, keep the default value.
              6. For Issuer, keep the default value, which is your My Domain login URL.
              7. For IdP Certificate, keep the default value (Default IdP Certificate).

              web app settings for the connected app

            4. Save the settings.
            5. Configure profiles and permission sets for the connected app.
              1. From Setup, enter Apps in the Quick Find box.
                • If you’re using Lightning Experience, select Manage Connected Apps.
                • If you’re using Salesforce Classic, under Manage Apps, select Connected Apps.
              2. Click the name of your connected app for SAP HANA. The connected app detail page appears.
              3. Click Manage Profiles or Manage Permission Sets, and add profiles or permission sets for users who can access this app.
            6. In Salesforce, enter the start URL for the connected app.
              1. In your SAP HANA cloud account, select APPLICATIONS. This tab lists applications that you’ve deployed on the SAP HANA cloud.
              2. Go to your SAP HANA application, and hover over URLs. Copy the URL for your application.

                copy the SAP HANA URL

              3. In Salesforce, on the connected app detail page, click Edit Policies.
              4. For Start URL, enter the URL that you copied from your HANA application.
              5. Save the settings.

            Test the SSO Configuration

            In Salesforce, from the App Launcher, choose the SAP HANA application. If you configured the SAP HANA logo and icon for the connected app, the App Launcher displays them.

            If SSO is configured properly, Salesforce creates an application session.

            select the logo from the App Launcher

            See Also

             
            Loading
            Salesforce Help | Article