Details of the steps required to configure an SSO between Edflex and SAP.
Prerequisites
Ensure you have access to the SSO configuration interface in SAP.
To perform the configuration below, you must be able to access this interface.
If this is not the case, contact your SAP administrator, who will be able to upgrade your access rights.
1. Send SAP metadata to Edflex
Go to the Tenant settings:
Applications & Resources > Tenant Settings
Then, go to SAML 2 set up:
Single Sign-On > SAML 2.0 Configuration > Download Metadata File
Send the file to your Edflex technical contact.
In return, you will get the Edflex metadata to be used in the next step.
2. Set up the Identity Provider in SAP
The client setup has to be done in SAP at the application level:
Applications & Resources > Applications
2.1 Create a new application
Specify the following settings:
- Display Name = Give a name to this application according to your taxonomy
- Type = Unknown
- Parent application = None
- Organization ID = global
- Protocol Type = SAML 2.0
2.2 Upload Edflex metadata
Click on SAML 2.0 Configuration and upload Edflex metadata.
2.3 Set up attributes
Four attributes are required for this configuration to function properly:
- first_name > First Name
- last_name > Last Name
- mail > Email
- user_uuid > Global User ID
If you want to add other attributes to the SSO exchange, please let your Edflex technical contact know.
2.4 Set up the attribute used for the NameID
2.4.1 Select the attribute
Several attributes can be used (Global User ID, User ID, Login Name, and Email). Depending on how these attributes are managed in your SAP environment, we recommend using the attribute whose value is unique and permanent for each learner.
In the example below, “User ID” is the selected attribute:
2.4.2 Select your format
By default, the Name ID format is “Unspecified.” Keep this format:
2.4.3 Apply a function to the case
If the case of the attribute used for the Name ID is likely to change over time, we recommend applying the “Lowercase” function. This is because our identity manager is case-sensitive for this value, so any change in case on the Identity Provider side will result in an error for learners who want to log in.
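One way to check the settings from 2.3 and 2.4 before going live, as an added example that is not part of the Edflex or SAP documentation: the script below inspects a decoded SAML assertion from a test login and reports missing required attributes, a NameID format other than Unspecified, and a NameID that was not lowercased. It assumes that the attribute names in the assertion are exactly first_name, last_name, mail and user_uuid, and that you chose to apply the Lowercase function; the sample assertion and the check_assertion function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("first_name", "last_name", "mail", "user_uuid")  # the four attributes from 2.3
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample assertion (not real data): mixed-case NameID, user_uuid not mapped.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">JDoe42</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="last_name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """List configuration problems in a decoded assertion (content only, no signature check)."""
    problems = []
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    else:
        fmt = name_id.get("Format", UNSPECIFIED)  # an absent Format is treated as unspecified
        if fmt != UNSPECIFIED:
            problems.append(f"NameID format is {fmt}, expected unspecified")
        if name_id.text != name_id.text.lower():
            problems.append("NameID contains uppercase characters (Lowercase function not applied)")
    values = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        val = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (val.text or "").strip() if val is not None else ""
    for name in REQUIRED:
        if not values.get(name):
            problems.append(f"required attribute {name} missing or empty")
    return problems


if __name__ == "__main__":
    for p in check_assertion(SAMPLE):
        print("PROBLEM:", p)
```

This is a configuration check for an assertion you captured from your own test login; it does not validate the signature, issuer or validity window.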
2.5 Single Logout Management
Edflex recommends not using this feature, so that your learners remain logged in to SAP when they log out of Edflex.
2.6 Make the application available from the login page
Via Branding & Layout, activate "Display Application Name".
Share the issuer with your Edflex technical contact, who will set up the required configuration to ensure that SSO works via IDP Init.