Configure Your On-Premise Systems to Use the Cloud Connector

Configure your on-premise data source systems to use the Cloud Connector.

Context

To use the SAP Business Technology Platform (BTP) Cloud Connector for data source connections, you'll need to complete these configuration steps:
Note
At this time, this capability exists only for SAP BW, SAP S/4HANA, and SAP HANA data sources.

Procedure

  1. Log in to the Cloud Connector Administration application.
  2. In the left-side menu, select Cloud To On-Premise.
  3. In the Subaccount field, choose your SAP Analytics Cloud subaccount.
  4. On the Access Control tab, in the Mapping Virtual To Internal System section, click (Add) to add a new mapping to your live data system.
  5. In the Add System Mapping dialog, use the following values:
      SAP BW and SAP S/4HANA SAP HANA
    Back-end Type ABAP system SAP HANA
    Protocol HTTPS HTTPS

    Internal Host

    Internal Port

    <system host>

    <system port>

    <system host>

    <system port>

    Virtual Host

    Virtual Port

    <can use the same host as the internal host>

    <can use the same port as the internal port>

    <can use the same host as the internal host>

    <can use the same port as the internal port>

    Principal Type If using single sign-on, choose X.509 Certificate (General Usage). If using a user name and password, choose None. None
  6. Allow access to your system paths:
    1. In the Resources Of section, click (Add).
    2. Enter the URL Path: /.
      For SAP HANA, if you don't want to allow access to all paths under /, set the path to /sap/bc/ina/service/v2/.
    3. Choose Path and all sub-paths.
    4. Select Save.
  7. Steps 7 through 11 are only applicable to SAP BW and SAP S/4HANA SSO. For basic authentication or for SAP HANA, skip these steps.

    Switch to the Principal Propagation tab.

    For detailed information, see Set Up Trust for Principal Propagation.

  8. Select (Synchronize) to synchronize the identity providers.
  9. For tenants on SAP data centers only, complete these steps:
    (A two-digit number in your SAP Analytics Cloud URL, for example eu10 or us30, indicates a non-SAP data center.)
    1. Select (Edit).
    2. In the Edit Trust Configuration dialog, find the lcs entry in the Description column.
    3. Select the Trusted check box for the lcs entry, and save the configuration.
  10. Download the Cloud Connector's system certificate:
    Note
    If the Cloud Connector is newly installed, there is no certificate available to download. The certificate needs to be either uploaded or generated first. To add a certificate, see Configure a CA Certificate for Principal Propagation .

    In addition to the CA certificate, you'll first need to install a system certificate for mutual authentication.

    Remember
    The system certificate needs to be renewed periodically, or else connections that use the Cloud Connector may stop working.
    1. Switch back to the Access Control tab.
    2. In the left-side menu, select Configuration.
    3. Select the On Premise tab.
    4. In the System Certificate section, select (Download certificate in DER format), and save the system certificate file.
  11. Generate a Cloud Connector sample certificate based on a valid user's identifier value:
    1. In the Principal Propagation section, select the Create a sample certificate icon.
    2. Type a valid user identifier.
      For example, if you configured “User ID” as the user identifier attribute in your identity provider, use that User ID value here.
    3. Select Generate, and save the sample certificate file.
  12. Set the Common Name for the Cloud Connector:
    1. In the Principal Propagation section, select Edit.
    2. Set the Common Name (CN) field to an assertion attribute. For example, you can set it to ${name}.

      For a list of assertion attributes, see Enable a Custom SAML Identity Provider.

    3. Select Save.