Configuring Single Sign-On

Objective

After completing this lesson, you will be able to enable single sign-on (SSO) access to SAP Fieldglass.

Single Sign-On (SSO)

The SSO integration tool allows configuration managers to implement and perform SSO-related administration actions for their organization.

It provides an intuitive wizard framework that allows you to enable, edit, manage, and troubleshoot your SSO configuration.

SSO Process

There are two ways for SSO to initiate a session in SAP Fieldglass:

  1. Identity Provider, or IdP, in which the user clicks a link that routes to an authentication server, which verifies the user and transmits the identity information to SAP Fieldglass to log the user in.
  2. Service Provider, or SP, in which the user clicks a link that routes directly to SAP Fieldglass. SAP Fieldglass then sends an authorization request to the authentication server, which verifies the user and transmits the identity information to SAP Fieldglass to log the user in.

Image illustrating the differences in the initiation processes between Identity Provider and Service Provider

SAML

Once the user is authenticated by the customer’s internal authentication server, a SAML request is sent to SAP Fieldglass via the user’s browser.

SAML, or Security Assertion Markup Language, is an open, XML-based standard for exchanging user security information between an IdP and an SP.

When the user is authenticated, the ID system sends SAP Fieldglass an XML file with the user attributes indicating that the user can access the application.

Image illustrating how SAML authenticates an SAP Fieldglass user
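
The following is an added example, not SAP Fieldglass code and not part of the original lesson. It shows the kind of checks a service provider applies to the SAML XML described above, and how an SP-initiated response (which carries InResponseTo) differs from an IdP-initiated one. The sample response, its URLs and IDs, and the function name check_response are constructed for illustration; XML signature verification, which a real service provider performs before trusting any of these fields, is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; every ID, URL and user name is a placeholder.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" InResponseTo="_req42" Destination="https://sp.example.test/acs">
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>jdoe@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.test</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, audience, now, pending_ids):
    """Return (flow, user, attributes) or raise ValueError. No signature check here."""
    root = ET.fromstring(xml_text)  # plain ElementTree, used on constructed input only
    irt = root.get("InResponseTo")
    if irt is None:
        flow = "idp-initiated"      # unsolicited response: no AuthnRequest to match
    elif irt in pending_ids:
        flow = "sp-initiated"
        pending_ids.discard(irt)    # one-time use, so a replayed response no longer matches
    else:
        raise ValueError("InResponseTo does not match a pending AuthnRequest")
    assertion = root.find("a:Assertion", NS)
    cond = assertion.find("a:Conditions", NS) if assertion is not None else None
    if cond is None:
        raise ValueError("response has no assertion conditions")
    if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion is outside its validity window")
    if audience not in [e.text for e in cond.iterfind(".//a:Audience", NS)]:
        raise ValueError("assertion was issued for a different audience")
    user = assertion.findtext("a:Subject/a:NameID", namespaces=NS)
    attrs = {a.get("Name"): a.findtext("a:AttributeValue", namespaces=NS)
             for a in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    return flow, user, attrs
```
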

SSO Configuration

The functionality of the Single Sign-On tile on the dashboard depends on whether you’re a new SSO client or an existing SSO client.

For new SSO clients, the Enable Single Sign-On tile opens the setup wizard and allows you to add new SSO details.

For existing SSO clients, the View Single Sign-On tile opens the Setup Details page and displays your existing SSO setup details, which you can edit.

Image of Config Manager dashboard with Single Sign On Tile Filtered and Highlighted

Use the Single Sign-On Setup Wizard

Let’s walk through how you would enable SSO for WorkingNet, which has not yet linked SSO to SAP Fieldglass.

After enabling SSO, you would still use the Single Sign-On tile within the Configuration Tools to either edit or access details on the setup.

Summary

  • Single Sign-On (SSO) Basics: SSO allows users to access SAP Fieldglass through one authentication process using Identity Provider (IdP) or Service Provider (SP) methods.
  • SAML Role: Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication data between an IdP and an SP in the SSO process.
  • SSO Setup Wizard: The wizard guides users through enabling and configuring SSO, including entering IdP and SP details, setting SAML options, and managing certificate expirations.
  • Service Provider Details: Includes protocol binding selection, whether to sign AuthnRequests, and the option to enable deep links for user notifications.