The purpose of the trust configuration is to support principal propagation: the identity that is logged on in the cloud (SAP Cloud Platform) is forwarded to the internal system (SAP Jam Collaboration), which logs on a user that matches this identity without requiring a password (SSO). By default, SAP Cloud Platform is configured to use the SAP ID Service as the default trusted IDP (identity provider).
Step 1: Get Trust information from your SAP Cloud Platform Server
- Log in to your SAP Cloud Platform Cockpit
- Select your account
- Click Security
- Click Trust
- Click Edit
- Select Custom from the Configuration Type drop-down list.
- Click Generate Key Pair
- Keep this screen open.
Figure 1: Get Trust information from your SAP Cloud Platform Server
Step 2: Create a SAML IDP in SAP Jam Collaboration
- Log in to SAP Jam Collaboration
- At the top right of the page select the cog icon > Admin
- Click Integrations in the left menu
- Click SAML Trusted IDPs
- Click Register your SAML Trusted IDP
Figure 2: Create a SAML IDP in SAP Jam Collaboration
- Copy the Local Provider Name from the SAP Cloud Platform Server Trust screen and paste it in the IDP ID field.
- Copy the Signing Certificate from the SAP Cloud Platform Server Trust screen and paste it in the X509 Certificate (Base64) field.
- Ensure the Enabled check box is checked.
- Click Register
Figure 3: Edit your SAML Trusted Identity Provider
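The signing certificate pasted in Step 2 is the trust anchor SAP Jam Collaboration uses to validate assertions, so it is worth confirming that the value in the X509 Certificate (Base64) field decodes to the same certificate shown in the Cockpit. The following is an added example, not SAP code: it assumes the value may be copied with or without PEM armor and line breaks, and the sample data is a constructed stand-in, not a real certificate.

```python
import base64
import binascii
import hashlib
import re
import textwrap

PEM_ARMOR = re.compile(r"-----(?:BEGIN|END) CERTIFICATE-----")


def pasted_cert_to_der(pasted: str) -> bytes:
    """Decode a pasted certificate (with or without PEM armor) to DER bytes."""
    body = "".join(PEM_ARMOR.sub("", pasted).split())  # drop armor and whitespace
    if not body:
        raise ValueError("certificate field is empty")
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from exc
    # A certificate is one DER SEQUENCE (tag 0x30) whose length covers all bytes.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form: next n bytes hold the length
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return der


def fingerprint(pasted: str) -> str:
    """SHA-256 fingerprint of the decoded certificate, as colon-separated hex."""
    digest = hashlib.sha256(pasted_cert_to_der(pasted)).hexdigest().upper()
    return ":".join(textwrap.wrap(digest, 2))


def same_certificate(cockpit_value: str, jam_value: str) -> bool:
    """True when both pasted values decode to the same certificate bytes."""
    return fingerprint(cockpit_value) == fingerprint(jam_value)


# Constructed stand-in for a certificate: a DER SEQUENCE header plus filler bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
COCKPIT_COPY = base64.b64encode(SAMPLE_DER).decode()          # single line
JAM_COPY = ("-----BEGIN CERTIFICATE-----\n"
            + "\n".join(textwrap.wrap(COCKPIT_COPY, 64))
            + "\n-----END CERTIFICATE-----\n")                 # armored, wrapped
TRUNCATED_COPY = COCKPIT_COPY[:-4]                             # lost its last characters
```

A `ValueError` from `pasted_cert_to_der` means the pasted text was cut off or altered during copy and paste and should be copied again before clicking Register.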
Step 3: Set up SAP Cloud Platform Trust
- Switch back to the Trust Management screen in the SAP Cloud Platform Cockpit.
- Click Save
- Click Edit
- Select Default from the Configuration Type drop-down list.
- Click Save
Figure 4: Set up SAP Cloud Platform Trust
Next Steps