Configuring Single Sign-On

Objectives

After completing this lesson, you will be able to:

  • Explain how Configuration Managers can enable single sign-on (SSO) access to SAP Fieldglass.
  • Use the single sign-on setup wizard.

Single Sign-On (SSO)

The SSO integration tool allows configuration managers to implement and perform SSO-related administration actions for their organization.

It provides an intuitive wizard framework that allows you to enable, edit, manage, and troubleshoot your SSO configuration.

SSO Process

There are two ways for SSO to initiate a session in SAP Fieldglass:

  1. Identity Provider, or IdP, in which the user clicks a link that routes to an authentication server, which verifies the user and transmits the identity information to SAP Fieldglass to log the user in.
  2. Service Provider, or SP, in which the user clicks a link that routes directly to SAP Fieldglass, which in turn sends an authorization request to the authentication server, which verifies the user and transmits the identity information to SAP Fieldglass to log the user in.
Image illustrating the differences in the initiation processes between Identity Provider and Service Provider

SAML

Once the user is authenticated by the customer’s internal authentication server, a SAML request is sent to SAP Fieldglass via the user’s browser.

SAML, or Security Assertion Markup Language (SAML), is an open standard XML-based solution for exchanging user security information between an IdP and an SP.

When the user is authenticated, the ID system sends SAP Fieldglass an XML file with the user attributes indicating that the user can access the application.

Image illustrating how SAML authenticates an SAP Fieldglass user

SSO Configuration

The functionality of the Single Sign-On tile on the dashboard depends on whether you’re a new SSO client or an existing SSO client.

For new SSO clients, the Enable Single Sign-On tile opens the setup wizard and allows you to add new SSO details.

For existing SSO clients, the View Single Sign-On tile opens the Setup Details page and displays your existing SSO setup details, which you can edit.

Use the Single Sign-On Setup Wizard

Let’s walk through how you would enable SSO for WorkingNet, who hadn’t already linked SSO to SAP Fieldglass.

SSO View

After enabling SSO, you would still use the Single Sign-On tile within the Configuration Tools to either edit or access details on the setup.

You could click this tile at any time to open the Single Sign-On Details page.

Screenshot of the Single Sign On tile on the Configuration Manager interface.

Log in to track your progress & complete quizzes