Single Sign-On with SAP Cloud Platform: SAP Assertion SSO Authentication

Single sign-on to back-end service with assertions


For almost all applications a business runs, the application will consume some sort of service that may reside on-premise or in the cloud. Users of these applications need to be verified against the back-end system as well. In SAP Cloud Platform, one way to enable user authentication by the back-end systems is to use SAP assertion SSO authentication. Once the user has been verified against an Identity Provider (IdP), the destination on SAP Cloud Platform will generate the assertion ticket and pass it along with the request to the cloud connector. The identity of the user between the SAP Cloud Platform and back-end system should be the same when accessing the system to achieve single sign on. 

The solution diagram above illustrates a basic architectural pattern implementing single sign-on using SAP assertion authentication. 

Download the blueprint

Bill of Material - SAP Cloud Platform Components for Licensing Considerations

Note that the following Bill of Material is for reference purposes only. The following table is only an example of the SAP Cloud Platform services and components required for this use case. Please consult your SAP Account Executive regarding your specific licensing needs. Calculations below are based on 100 users.

SAP Cloud Platform services


Licensing metrics

SAP Cloud Platform Identity Authentication

Simplify and secure cloud access from anywhere, on any device.

Logons in blocks of  100

3,000 logons

Customers can use the SAP Cloud Platform pricing estimator to calculate the required investment for a particular project. Scale up or down on services as required.

Members and partners of SAP PartnerEdge* can evaluate the development of an application for this use case – most development licensing is covered by the packs offered by the SAP partner licensing services. Click here for details.

*excluding open ecosystem basic.