Symptom
We want to configure the SAML-integration with our Azure AD. Where can I find the instruction guide as a link / PDF?
Resolution
The information provided does not imply that SAP Signavio Product Support have any expertise in setting up 3rd party identity provider (IdP) systems for customers. These are merely bits of information that were gathered over time while configuring the SAML SSO with identity providers, which may help you with a smoother setup. If you require assistance setting up your IdP system, please reach out to your consultant, partner, or specialized support.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Please find a quick instruction guide below:
- Add a new application in the Azure AD (Enterprise applications - New application)
- Select the option "Non-gallery application" and type a name for the application
- Select the option "User and groups"
  - Click on the button "Add user"
  - Select the users and groups who should have access to the Signavio Collaboration Hub
  - Confirm your selected users and groups with the Select-button and the Assign-button
- Choose "Single sign-on" and select the value "SAML"
- Fill out the information according to the following steps
  - Basic SAML Configuration
    - Don't use the "Upload metadata file"-function as this doesn't work with the Signavio metadata
    - Type in the URLs for the "Entity ID" and "Assertion Consumer Service URL" according to the following KB article:
      - KB0381167 - Which SAML Assertion Consumer Service(ACS) URL / EntityID will be used by Signavio?
        https://launchpad.support.sap.com/#/notes/0003161011
    - You can leave the additional URLs empty
  - User Attributes and claims
    - Use the user.employeeid attribute as the "User Identifier"
    - Delete the existing attribute examples (The default namespace entries lead to error messages because they are different attribute names)
    - Add the following new attributes and leave the namespace empty:

      | Name | Value |
      |---|---|
      | last_name | user.surname |
      | first_name | user.givenname |
      | email | user.mail |
  - SAML Signing Certificate
    - Download the Federation Metadata XML
- Upload the Federation XML file to your Signavio workspace.
Afterwards, the configuration is done, and the app can be found on the Azure Portal. The synchronization can take some minutes.
Once the configuration on both sides has been completed, you can test the SSO via one of the following URLs (choose the one for your infrastructure):
- https://editor.signavio.com/p/hub?t=<workspace ID>
- https://app-au.signavio.com/p/hub?t=<workspace ID>
- https://app-us.signavio.com/p/hub?t=<workspace ID>
- https://app-jp.signavio.com/p/hub?t=<workspace ID>
- https://app-ca.signavio.com/p/hub?t=<workspace ID>
(Replace the placeholder <workspace ID> with the workspace ID of your tenant. You can find the workspace ID in Process Manager Explorer - Help - Workspace information)
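If the test login fails because of the attribute names, the claims configured above can be checked against a SAML response captured during the test. The following check is an added example and not part of the SAP article; it assumes the response has already been base64-decoded, and the function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = {"first_name", "last_name", "email"}   # names from the table in this article
# Prefix Azure AD puts on its default user claims when the namespace is not left empty.
DEFAULT_PREFIX = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

def check_attributes(xml_bytes):
    """Report attribute problems in one decoded SAML response (signature is NOT verified)."""
    # A SAML message never needs a DTD; refusing one avoids entity-expansion input.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration found in SAML response")
    root = ET.fromstring(xml_bytes)
    seen, empty, namespaced = set(), [], []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name", "")
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)
                  if (v.text or "").strip()]
        if name in REQUIRED:
            seen.add(name)
            if not values:            # e.g. user.mail is not populated for this user
                empty.append(name)
        elif name.startswith(DEFAULT_PREFIX):
            namespaced.append(name)   # default claim that was not renamed
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    return {
        "missing": sorted(REQUIRED - seen),
        "empty": sorted(empty),
        "namespaced": sorted(namespaced),
        "name_id": (name_id.text or "").strip() if name_id is not None else "",
    }

# Constructed sample: first_name was left on the default namespaced claim.
SAMPLE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>10042</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="last_name"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_attributes(SAMPLE))
```

An empty `name_id` in the result points at a user whose employeeid is not populated, since that attribute is used as the "User Identifier".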
For more information on Single sign-on using SAML, please see our documentation.
Keywords
process manager, sso , KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To