/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- An issue is occurring with Single Sign-On (SSO) in SAP Analytics Cloud (SAC) using SAML.
- The Identity Provider (IdP) requires the NameID attribute to be mapped to the user's email address, but SAC is sending a SAML authentication request with a different NameID policy.
Environment
SAP Analytics Cloud 2025.1.6
Reproducing the Issue
- Go to SAC > Administration > Security > SAML Sign-On (SSO) Configuration
- Check the user attribute (step 3) and notice that Custom SAML User Mapping is used (as number_id) and it is working in the IDP ForgeRock, but a change to e-mail as the attribute is required.
Cause
SAC request is not the same of the IDP, however it should work with e-mail even if the SAC request is
- "urn:oasis:names:tc:SAML:1.1:nameidformat:unspecified".
Resolution
Changing the value in the SAML request is not supported and is not on our roadmap. Even with the NameID Policy containing 'unspecified' the SAML using e-mail should work with it.
See Also
- 2569847 - Where can you find SAC user assistance (help) to use, configure, and operate it more effectively?
- Have a question? Ask it here and let our amazing SAP community help! Or reply and share your knowledge!
- 2487011 - What information do I need to provide when opening a case for SAP Analytics Cloud?
- 2511489 - Troubleshooting performance issues in SAP Analytics Cloud
- Search for SAP Analytics Cloud content using SAP for Me, Google or Bing:
- https://me.sap.com/servicessupport/search#?q=SAP%20Analytics%20Cloud%20OR%20SAC&tab=All
- https://www.google.com/search?q=site%3Ahttps%3A%2F%2Fuserapps.support.sap.com+SAP+Analytics+Cloud
- https://www.bing.com/search?q=site%3Ahttps%3A%2F%2Fuserapps.support.sap.com+SAP+Analytics+Cloud
- Note: Add relevant text or warning/error messages to the text search field to filter results.
- SAP Analytics Cloud Connection Guide
- Getting Started with SAP Analytics Cloud Expert Community page
- SAP Analytics Cloud Get More Help and SAP Support
- Need More Help? Contact Support or visit the solution finder today!
Keywords
SAC, IDP, SAML, NameID, e-mail, custom SAML, error, ForgeRock, request, Analytics Cloud , KBA , LOD-ANA-ADM , SAC Administration , Problem
Product
SAP Analytics Cloud 1.0
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)