SAP HANA Academy, 2021
Azure AD as IdP and SAP Identity Authentication Service as SAML Federation Proxy
video
Authors
SAP HANA Academy
Year
2021
Abstract
In this video tutorial we show how to configure Microsoft Azure AD as identity provider for business applications on the SAP Business Technology Platform (SAP Cloud Platform) Cloud Foundry environment.
For more information, sample code, and additional references visit
https://blogs.sap.com/2021/02/10/sap-...
0:00 - Introduction
2:20 - Create new Enterprise application in Azure AD
3:00 - Configure User Attributes & Claims
3:30 - Download federation metadata XML (IdP)
4:00 - Create new Corporate IdP in SAP Identity Authentication Service and upload IdP metadata
4:25 - Update Identity Provider Type
4:30 - Download IAS metadata (IdP Proxy)
4:55 - Upload IAS metadata in Azure AD
5:15 - Create new Trust Configuration in SAP Cloud Platform and upload IAS metadata (IdP Proxy)
5:40 - Download service provider (SP) metadata
5:55 - Create new application in SAP Identity Authentication Service and upload SP metadata
6:15 - Configure Default Name ID Format, SAML Assertion Attributes, and Conditional Authentication
6:50 - Assign user to application in Azure AD
7:15 - First test (fails with SAML error)
7:55 - Download federation metadata XML from Azure AD and upload for the IdP in SAP Identity Authentication Service
8:15 - Second test succeeds on authentication
8:25 - Shadow users
8:50 - Third test with myappsec sample application: Forbidden
9:20 - Option 1: Assign shadow user to role collection
10:15 - User authorization concepts
11:05 - Map role collection to Azure AD group
This video is part of the SAP Cloud Platform | Cloud Foundry | Security playlist: http://sap.to/6054Hg1l8
Code samples are available on Github: http://sap.to/6055Hg1lD
Find the latest SAP HANA Academy video tutorials here: http://sap.to/6056Hg1lE
Thank you for watching. Video by the SAP HANA Academy
(https://www.youtube.com/watch?v=4qo8acsxRgU, accessed 28 Aug 2021)
Links
Citation
SAP HANA Academy, n.d. Azure AD as IdP and SAP Identity Authentication Service as SAML Federation Proxy. URL: https://www.youtube.com/watch?v=4qo8acsxRgU
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.