• Home
• App Integrations
• Single Sign-On Integrations
• SAP ECC Single Sign-On

SAP ECC Single Sign-On SSO

---

Single Sign-On (SSO) solution by miniOrange provides secure Single Sign-On access into SAP ECC using a single set of login credentials. You can log into SAP ECC using miniOrange credentials or Azure AD credentials or any of your existing identity providers. With miniOrange SSO services, along with SAP ECC you can also login into other On-Premise and Cloud Applications using your existing Identity Providers/User Store (Azure Active Directory, Okta, Ping) credentials . Follow the given setup guide to integrate header-based SSO for your SAP ECC account.

Follow the Step-by-Step Guide given below to Configure and tests SAP ECC Platform

1. Configure SAP ECC in miniOrange

• Login into miniOrange Admin Console.
• Go to Apps and click on Add Application button.



• In Choose Application, select SAML/WS-FED from the application type dropdown.



• Search for SAP ECC in the list, if you don't find SAP ECC in the list then, search for custom and you can set up your application in Custom SAML App.

• Enter the following values in the respective fields.



SP Entity ID or Issuer:	https://www.sap.com/a/your_samlname
ACS URL:	https://www.sap.com/a/your_samlname
Name ID:	E-mail Address



• Click on Next to proceed further.



• In the Attribute Mapping tab configure the following attributes as shown in the image below.



• To upload respective app logo for a Custom SAML App, click on Upload Logo tab.



• Click on Save.

Get IdP Metadata Details to upload to SAP ECC:

• Go to Apps >> Manage Apps.
• Search for your app and click on the select in action menu against your app.
• Click on Metadata to get metadata details, which will be required later. Click on Show SSO Link to see the IDP initiated SSO link for SAP ECC.



• Here you will see 2 options, if you are setting up miniOrange as IDP copy the metadata details related to miniOrange from the 1st section, if you already have an external IDP or User Store (OKTA, AZURE AD, ADFS, ONELOGIN, GOOGLE APPS) you should get the metadata from the 2nd Section as shown below.



• Click on the Download Certificate button to download the metadata.xml file which you will require in Step 2.

2. Configure SSO in SAP ECC

• Firstly, you need to create System object in SAP Portal. For this, enter System Name, System ID, Description.



• Add System alias on system object.



• Download certificate of Portal system through NW admin.



• To download certificate you need to select Ticketkeystore.



• Then click on export key button to get required certificate from portal server



• You have import portal certificate into ECC server using Transaction -strustsso2. In the certificate area click on import certificate button (green color) then browse the file which you have downloaded earlier from Portal server. Then click on add to certificate list button after that click the button Add to ACL, here you need to provide SID of portal in system ID text field and 000 as client text field.



• Add profile parameters in ECC server using RZ10, it is
  • login/create_sso2_ticket=2
  • login/accept_sso2_ticket=1
  • icm/host_name_full= >FQDN<
• Then, enter the details as shown:

Attribute	Description
SAML Name	Any value. Make sure it's the same as saved in the ACS URL in miniOrange.
SAML SSO URL	Enter SAML Login URL value that you got from Step 1.
SAML Logout URL	Enter SAML Logout URL value that you got from Step 1.
X509 Certificate	Paste X.509 Certificate content that you got from Step 1.

• Click Save changes to save the Single Sign On (SSO) SAML settings.

3. Test SAP ECC SSO Configuration

• Go to https://{Your-SAP ECC-Domain} and sign in/login and you will be redirected to miniOrange login page.
• Enter your miniOrange Credentials.



• You can see you have successfully implemented Single Sign-On for SAP ECC with miniOrange as your OAuth Server.

External References

• Single Sign-On (SSO)
• Cnfigre SAP ECC SSO
• SAP SSO, MFA & Provisioning Solution