SAP Supplier Relationship Management (SRM)

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for SAP Supplier Relationship Management (SRM) using SAML.

About SAP SRM

SAP SRM helps you evaluate, enable, and engage suppliers more effectively.

After integrating the SAP SRM App with Oracle Identity Cloud Service:

  • Users can access SAP SRM using their Oracle Identity Cloud Service login credentials.
  • Users can start SAP SRM using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the SAP SRM app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage applications and users (Identity Domain Administrator or Application Administrator).
  • Make sure that the email ID of each user in SAP SRM matches the primary email ID of the Oracle Identity Cloud Service account.

Configuring the SAP SRM App in Oracle Identity Cloud Service

You can use this section to register and activate the SAP SRM SaaS App, and then assign users to the application.

Prerequisite Step

You need to contact the SAP admin team to help you configure and register the SAP SRM app.

Registering and Activating the SAP SRM App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for SAP SRM, and then click Add.

  4. In the App Details section, enter the Host, Port, SAP Client ID fields, and then click Next.

    Tip: You can get values for Host, Port, and SAP Client ID fields from the SAP admin team.

  5. Click Download IDCS Metadata.

    Tip: This file is used later during the SAP SRM configuration in the "Configuring SSO for SAP SRM" section.

  6. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  7. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the SAP SRM App

  1. On the SAP SRM App page in Oracle Identity Cloud Service, select the Users tab, and then click Assign. The Assign Users window appears.

  2. Select the users that you want to assign to SAP SRM, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the SAP SRM app is assigned to the users that you selected.

Configuring SSO for SAP SRM

To configure SSO for SAP SRM, you must share the IDCS metadata file that you downloaded with the SAP admin team.

Verifying the Integration

Use this section to verify that SSO initiated from both Oracle Identity Cloud Service (IdP Initiated SSO) and SAP SRM (SP Initiated SSO) works.

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the SAP SRM App. Oracle Identity Cloud Service displays a shortcut to SAP SRM under My Apps.

  3. Click SAP SRM. The SAP SRM home page appears.

  4. On the SAP SRM home page, confirm that the user that is logged in is the same for both SAP SRM and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from SAP SRM

  1. Access the SAP SRM login URL: https://<Host>:<Port>/sap/bc/gui/sap/its/webgui?sap-client=<SAP_Client_ID>.

    You are redirected to the Oracle Identity Cloud Service login page.

  2. Log in using credentials for a user that is assigned to the SAP SRM App. The SAP SRM home page appears.

  3. On the SAP SRM home page, confirm that the user that is logged in is the same for both SAP SRM and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from SAP SRM works.

Verifying Single Log-Out (SLO)

  1. On the SAP SRM home page, click Log off on the right side of the menu bar.

  2. Access the Oracle Identity Cloud Service My Profile console, and then confirm that the login page appears.

    This confirms that SLO works and that the user is no longer logged in to SAP SRM and Oracle Identity Cloud Service.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

SAP SRM displays the login screen during SSO.

Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in SAP SRM.

Solution: Ensure that the user that is signed in has an account in both Oracle Identity Cloud Service and SAP SRM with the same email address.

SAP SRM displays the message “There is a problem with your account. Please contact Support." during SSO.

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service SAP SRM app and SAP SRM is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then SAP SRM.
  • Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The error occurs when the administrator revokes access for the user at the same time that the user is trying to access the SAP SRM app using Oracle Identity Cloud Service.

Solution 2: Access the Oracle Identity Cloud Service administration console, select Applications, SAP SRM, Users, and then click Assign to re-assign the user.

SLO is not working when we try to logout from SAP SRM.

Cause: Limitations from the SAP end.

Solution: Currently there is no solution available.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.