SAML Auto User Creation on the fly basis in SAP system

Hi All,

    

We have enabled SSO with ADFS SAML 2.0 for the SAP Gateway system. Now we can connect to the SAP application with SAML SSO using the user mapping option.

Our requirement is:

a) We have 200K end users to access our SAP Fiori application.

b) All 200K user ids are created in ADFS but not in SAP GW system.

 

We are planning to sync all 200K user IDs from LDAP to SAP GW, but it is not a good approach and the security team will not accept exposing employee info.

 

 

So, we can see that SAML SSO will provide a feature called on-the-fly auto user creation.

 

I tried the approaches below to create user accounts on the fly:

 

Approach 1:

 

Name ID: Unspecified

 

UserID Source: Assertion Subject NameID

 

UserID Mapping Mode: User Alias

 

Allow Identity Provider to Create NameID: YES

 

These settings are working for user mapping with (a) User Alias and (b) mapping in the USREXTID table, type SA.

 

But any new user who is not mapped to a user ID in SAP is unable to access SAP Fiori. Here we want automatic user creation in the SAP system.

 

Approach 2:

 

NameID=Persistent

 

Account federation=Interactive Account linking.

 

Here, when I access my SAP Fiori application, after ADFS authentication, I am prompted with the SAP logon screen to enter the SAP user ID/password and check the federated local user account.

 

Once I did that, I successfully connected to the SAP Fiori tiles, and from the second login onwards I am entering the SAP Fiori apps with SAML SSO.

 

But here, I am seeing auto user creation option enablement, as we have 300K users and it's tough to create accounts and send all user credentials to users.

 

 

Please find the screenshots and help me to fix the issue.


I referred to:

 

SAP note: 0001799402 - Automatic account creation for SAML 2.0 SP

 

https://wiki.scn.sap.com/wiki/display/Security/Automatic+User+Account+Creation+and+Update+using+SAML+2.0+in+AS+ABAP

 

https://help.sap.com/saphelp_nw73/helpdata/en/2e/25659ad6834ce5b7f6c394fca79ee3/content.htm

 

http://scn.sap.com/community/sso/blog/2012/12/12/automatic-user-creation-in-as-abap-using-saml-20

 

Please help us here to fix the issue.

  

Thanks,

 

Nagaraju

 

+91-9008488440

