Integration Hub SAP HANA SSO

Steps to configure SAML SSO for SAP HANA

About SAP HANA

SAP HANA is an in-memory, column-oriented database management system that enables real-time data processing and analytics, significantly enhancing performance compared to traditional disk-based systems.

The following steps will help you enable single sign-on (SSO) for SAP HANA from Identity360.

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications. For more information, refer to the pricing details.
  2. To add an SAML IDP in SAP HANA, you must have a role based on the sap.hana.xs.admin.roles::SAMLAdministrator template.
  3. Log in to Identity360 as an Admin or Super Admin.
  4. Navigate to Applications > Application Integration > Create New Application, and select SAP HANA from the applications displayed.
    Note: You can also find SAP HANA from the search bar located at the top.
  5. Under the General Settings tab, enter the Application Name and Description.
  6. Under the Choose Capabilities tab, choose SSO and click Continue.
    Identity360 application configuration General SettingsGeneral Settings of SSO configuration for SAP HANA
  7. Under Integration Settings, navigate to the Single Sign On tab and click Metadata Details. Obtain the Metadata by clicking Copy next to the Metadata field. This will be used later during the configuration of SAP HANA.
    Identity360 application configuration Integration SettingsIntegration Settings of SSO configuration for SAP HANA

SAP HANA (service provider) configuration steps

  1. Log in to SAP HANA XS Administration.
  2. Go to SAML Identity Provider. From there, select the + button on the bottom of the screen to open the Add Identity Provider Info pane.
  3. Perform the following steps:
    • In the Add Identity Provider Info pane, paste the contents of the metadata XML (downloaded in step seven of the prerequisites) into the Metadata box.
    • The system auto-fills the required fields such as Subject, Entity ID, and Issuer.
    • In the Name field under General Data, enter Identity360 as the identity provider name.
  4. Select Save to save the details of the SAML identity provider and to add the new SAML IdP to the list of known SAML IdPs.
  5. In HANA Studio, within the system properties of the Configuration tab, filter the settings by saml. Then adjust the assertion_timeout from 10 sec to 120 sec.

Identity360 (identity provider) configuration steps

  1. Switch to Identity360's application configuration page.
  2. Enter the Instance URL from SAP HANA. For example, if your SAP HANA URL is https://<WebServerHost>:80<SAPHANAinstance>/sap/hana/xs/admin/, then <WebServerHost>:80<SAPHANAinstance> is your Instance URL.
  3. Enter the Relay State parameter, if necessary.
    Note: Relay State is an optional parameter used with a SAML message to remember where you were or to direct you to a specific page after logging in.
  4. Click Save.
    Identity360 application configurationIntegration Settings of SSO configuration for SAP HANA.

Steps to enable MFA for SAP HANA

Setting up MFA for SAP HANA using Identity360 involves the following steps:

  1. Set up one or more authenticators for identity verification when users attempt to log in to SAP HANA . Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
  2. Integrate SAP HANA with Identity360 by configuring SSO using the steps listed here.
  3. Now, activate MFA for SAP HANA by following the steps mentioned here.

How does MFA for applications work in Identity360?

  SSO Integration flow diagram  

Don't see what you're looking for?

  •  

    Visit our community  

    Post your questions in the forum.

     
  •  

    Request additional resources  

    Send us your requirements.