By Centrify Contributor I ‎09-29-2016 09:19 AM


1. Centrify Cloud Tenant with Administrator Credentials.

2. SAP Role created in Centrify Portal for users to gain access to the SAP-ABAP application to Single-Sign-on

3. Administrator Credentials to configure SAML2.0 in SAP.


Note: Centrify has a built-in template  under Cloud manager\Apps  , I have chosen to use Custom SAMLTemplate to show how we can import SP-Meta-Data if you wish to take that path.


1.Logon to the SAPgui console (Your DEV environment preferred)

2. Type/nsaml2 , click allow on the “security popup”


3. You may see a certificate error , click continue to launch the wizard
Note: :Make sure you are in the url that your users go to logon ( check port number etc in the url)

3-continue on web-cert-error.png

4. Provide your credentials4-type in your credentials.png

5. SAML 2.0 Configuration wizard opens up , click on “create SAML 2.0 Local Provider” from the drop down menu


6. Give Provider name  Example  “SP:DEV-SAML2 and click next


7. Click next on the “Miscellaneous” step


8. Click next on  Identity-provider discovery ( leave defaults ) and click “finish”

8-next-on-Identity-provider discovery.png

9.  Click on “Metadata” ,  “Download Metadata”  and Save it.

9-Click on Metadata and downloadMetadata.png

10. Go to Centrify Apps in Cloud Manager and Add Custom SAML application ,
Please select the right Roles for users able to access the application, under account mapping please verify if you are using “samaccountname” as this attribute may wary per organization.



11. Upload SP-Metadata from file option that was downloaded from SAP service provider.



12. Make sure you take a look at the “Assertion Consumer Service URL in the Application Settings and click on the “SAVE” button


13. Download Identity Provider Metadata and “signing certificate”

13-download-identity provider-metadata.png


14. Go back to Step-9 screen and click on Trusted Providers and add SAML-Metadata file that was downloaded from Centrify Identity Provider.

14-Click on Trusted Providers and add Metadata from IDP.png


15. Click Next on “Certificates and Algorithms”

16. Click Next on “Single Sign-On Endpoints” , leave the option checked at HTTP Redirect

17. Click Next on “Single Logout Endpoints”

18. Click Next on “Artifact Endpoints”

19. Click Finish on “Authentication Requirements”

20. Click on “Identity Federation” and then “Add” and under “Supported NameID Formats” Select “unspecified” and click OK.

20-supported-Name-ID formats.png

21. Check under “UserID Mapping Mode”  “Logon ID” is selected. This corresponds to Step-10 where you are using “samaccountname” as the ID under account mapping.



22.  Final Step :  Enable SAML 2.0 Configuration and Click OK.



23. Go to the SAP login Url as users typically go to , once you are there  you will now be redirected to Centrify as shown below .

23 -redirect to Centrify.png

24. If IWA “Integrated windows Authentication” is enabled through Centrify users are automatically logged in .

25. Users can also go to their Centrify “user Portal” and click on the “SAP-ABAP” icon and single-signon to the application.

Showing results for 
Search instead for 
Do you mean 

Community Control Panel