Integrating an external Identity Provider (IdP) with SAP Customer Data Cloud allows organizations to enable Single Sign-On (SSO) for members, making login across various platforms more seamless.
By connecting your SAP Customer Data Cloud to a centralized IdP, members can log into customer-facing applications using their existing organization credentials, enhancing security and simplifying access management.
This setup involves configuring SAML settings to establish trust between the Identity Provider and SAP Customer Data Cloud, acting as the Service Provider, ensuring a smooth authentication process.
To establish a secure, trusted connection between an external Identity Provider (IdP) and SAP Customer Data Cloud, metadata must be exchanged between the two systems. The metadata from the external IdP application must be entered in the settings of the Delegated Admin Console of SAP Customer Data Cloud, as shown in the following screenshot:

- The Issuer is a unique identifier for the IdP.
- The SSO Service URL is where the SP sends users to log in.
- The Single Logout (SLO) URL allows users to log out from all connected services.
- Service Bindings specify the attribute mapping used to transfer user data between the IdP and SP.
- The NameID Format defines how users are identified, often using email or a unique identifier.
- The Certificate and Signature Algorithm (e.g., RSA-SHA256) specify the encryption used to secure the data exchange.
To complete the secure connection setup, you also need to export the metadata from SAP Customer Data Cloud and import it into the external Identity Provider (IdP). The following screenshot shows where you can export the metadata from the Delegated Admin Console and pass it to the external IdP:
