SAP Knowledge Base Article - Public

2845812 - Error when creating live connection for S/4HANA Cloud / SAP Marketing Cloud Integration in SAP Analytics Cloud (SAC)


The following error occurs in SAP Analytics Cloud (SAC):

  • Unable to authenticate. Please ensure your credentials are valid.
  • Cannot return OAuth 2.0 SAML Bearer Assertion because could not retrieve OAuth 2.0 access token


  •  SAP Analytics Cloud

Reproducing the Issue

  1. Follow the steps from SAC help guide and on section "Live Data Connection to SAP S/4HANA Cloud Edition via OAuth" and SAP Marketing Cloud Help Guide on Section "Integration with SAP Analytics Cloud (1SO)" and create connection.
  2. When clicking on the OK button in the connection creation page, error "Unable to authenticate. Please ensure your credentials are valid." is seen.
  3. Error "Cannot return OAuth 2.0 SAML Bearer Assertion because could not retrieve OAuth 2.0 access token" can be captured from HTTP traffic


  1. Ensure the NameID used by the identity provider (IDP) is valid.
    1. Open the network tab in Chrome Dev Tools. Make sure "Preserve log" is selected.
    2. Go to the SAP Analytics Cloud logon page. Clear the network requests and then have the user logon to SAC.
    3. In the second or third Chrome Dev Tools network request, find the SAML response header under Form Data and decode it in an online decoder.
    4. Find the NameID in the decoded SAML Response.
    5. Make sure that the NameID is NOT an e-mail address. S/4HANA will not be able to recognize an e-mail as the NameID.
    6. If it is an e-mail, change the NameID in their IDP to either Login Name or User ID.1.
  2. Check that the SAC SAML User Mapping matches the NameID.
    1. Go to Security -> Users in SAC.
    2. Check that the SAML User Mapping Column (case-sensitive) matches up with the NameID from the SAML Response in Step 1 d.
  3. Check that there is a Business User in the SAP S/4HANA or SAP Marketing Cloud system with a matching Username.
    1. In the SAP S/4HANA or SAP Marketing Cloud system, there must be a business user with a username that (no case-sensitive) matches the NameID and the SAML User Mapping.
    2. Either edit an existing user's username or create a new business user and assign the NameID to the new business user's username.
  4. After all of these steps are performed, a connection should be successfully created. If not, ask the user to recreate their Communication Arrangement, Communication System and Communication User and try again.

See Also


SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, EPM-ODS, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics , KBA , LOD-ANA-LDC , SAC Live Data Connection , How To


SAP Analytics Cloud 1.0