3737386 - Unable to Change SAML User Attribute from Login Name to Email with Custom SAML Enabled in SAC

Symptom

After switching the Identity Provider from Azure AD to Cloud Identity Services (IAS), CUSTOM SAML works when using Login Name. However, changing the SAML user attribute to Email cannot be saved (no response after clicking Save).
Additionally, when uploading IAS metadata, the “Name” field remains red, preventing completion of the setup

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SAP Analytics Cloud 2026.2.10

Reproducing the Issue

Log in SAC;
Go to System > Administration > Security
Upload the metadata from the IAS under Step 2 of 'SAML Single Sign-On (SSO) Configuration;
Attempt to change the SAML user attribute from Login Name to Email;
Click Save; no action occurs.
The “Name” field in the Step 2 remains red and the setup cannot be completed:

Cause

It is not possible to switch the SAML “User Attribute” while the CUSTOM SAML is already enabled. Attempting to change from Login Name to Email without reverting to the default identity provider leads to the observed behavior.

Resolution

In SAC, revert authentication to the default identity provider (disable the custom SAML).
Start SSO configuration again and re-enable the custom SAML;
Before enabling, set the SAC SSO “User Attribute” to Email.
In Cloud Identity Services (IAS), configure the SAML assertion to use Email as the NameID (or map the email attribute accordingly to ensure consistency with SAC).
Export the IdP metadata from IAS and upload it to SAC.

Keywords

sac, saml, sso, custom idp, cloud identity services, ias, user attribute, email identifier, login name identifier, cannot save, name field red, metadata upload error, sac administration security, revert to default idp, saml nameid configuration , KBA , LOD-ANA-AUT , SAC Authentication / Login , Problem

Product

SAP Analytics Cloud all versions