The Single Sign-on feature enables SAP customers to access Emarsys accounts without the need of adding login credentials with the SAP Identity Authentication Service. The purpose of this article is to provide guidance on how to enable this feature in the SAP Administration Console for SAP Cloud Platform Authentication.
For the current limitations of the feature, see Known limitations.
Creating an application
As an SAP customer, first, you have to create and configure the application in the SAP Administration Console for SAP Cloud Platform Authentication. To do this, perform the following steps:
- Under Applications, click Create:
- Specify a Display Name:
- Click Save.
The Display Name can be defined freely.
Configuring the application
SAML 2.0 configuration
- Under Applications > Suite SSO <Your application name> select SAML 2.0 Configuration.
- Add your Entity ID and your service provider assertion consumer endpoint URLs.
The identifier is the Entity ID. It must be set to
Specify the following URLs under Reply URL:
Also specify the login URL for the account in the following format:
Multiple login URLs can be added, one for each account.
Make sure not to leave any extra "
/" at the end of the following URLs because it will break the enablement flow.
The indexing of the URLs is not affecting the procedure.
Creating and configuring the assertion attributes is a mandatory step for successfully configuring SSO.
- Select the Assertion Attributes.
- Make sure to use the same Assertion Attributes as shown in the image.
In the example, the
username assertion attribute is assigned to the e-mail user attribute. However, other user information may be used as long as it is unique within the context of an Emarsys account.
- Under Tenant Settings, deactivate IdP-Initiated SSO.
However, the toggle state will not affect Single Sign-On. It will work correctly, in either state.
There are two types of SSOs available currently based on who initiates the service:
- SP (Service Provider) initiated
- IdP (Identity Provider) initiated
The Emarsys plaform uses the Service Provider initiated solution.
Download the metadata
- Download your metadata XML file.
- Share the Metadata.XML with the Emarsys Customer Success Manager.
After completing the steps in SAP Identity Authentication Service and enabling SSO in the Emarsys platform, you can log into SAP Emarsys Customer Engagement platform with your SAP credentials.