< Back
You are here:


This page shows you how to add multifactor authentication to your SAP cloud platform using the Octopus Authenticator to gain more control and security over how users log into your network.

  • Login to Octopus Authenticator Console
  • Select Services from the left pane
  • Select Add Service
  • Click Generic SAML service template


Tab 1 – General Information

The following field and values are displayed

Fields name Fields Value
Service name SAP Cloud Platform
Issuer SAP
Service status Enable (default)
Display icon
Login page URL <https://<Enterprise Base URL>/generic-saml/<No.>/login>


Tab 2 – Parameters

The following fields and values are displayed

Field name Field value
Login Login method for Octopus Authenticator server
Name ID SAP Cloud Platform login user name
Method SSO binding method <POST or Redirect>
ACS URL SAP Trusted IP Accretion Custom Services URL
+Add additional parameter Do not add any parameters


Tab 3 – Sign On

The following fields and values are displayed


Field name Field value
Multi Factor Authentication (MFA) Off (default)
Sign-on Method SAML 2.0
X.509 Certificate  
SAML signature algorithm SHA-1 (default)
Single Sign On (SSO) Off (default)
Issuer URL http://< Enterprise base URL>/generic-saml/<No.>
SAML 2.0 Endpoint (HTTP) http://<Enterprise base URL>/generic-saml/login
Custom message

Note: Secret Double Octopus recommendation is to leave the default field values as displayed.


Step 4 – Users

To configure the users of the service

  • Select users either from “Local Users” or “LDAP Users” lists
  • You can select either:
    • A group of users to import, by clicking on the dot next to one of the folders
    • An individual user to import, by clicking on the dot next to that user

The corresponding dot will then be colored blue. When you select only some of the users in the group, the dot adjacent to the group will be colored partially.

After you click SAVE SETTINGS, the selected users will be enrolled in the service.



Set up SSO for SAP Cloud Platform account using Octopus Authenticator Identity Provider

  • Login to your SAP Cloud Platform account

  • Select Security
  • Under “Security” category, Select Trust

  • Under “Trusted Management” page, Select Application Identity Provider
  • Click Add Trusted Identity Provider
  • At “Trusted Identity Provider” page, you should define Secret Double Octopus Sign On metadata details


[Back to Secret Double Octopus Management Console]

To download Secret Double Octopus services’ SAML Metadata:

  • Select Services from the left pane
  • Select SAP Cloud Platform service
  • In the Sign On tab click SAML Metadata button to download the SAML_Metadata file

Retrieve the certificate file by clicking DOWNLOAD under X.509 Certificate.

[Back to SAP Cloud Platform Web Page]

  • In the Trusted Identity Provider page and in Metadata File; Click Browse to import the downloaded Secret Double Octopus Sign-On Metadata file.

  • Upon successful metadata file import, all Identify Provider’s fields are automatically filled out
  • Select “Assertion Consumer Service” as the Assertion Consumer Service value (default value is “Application Root”)
  • Verify the correct value for the following fields:
    • Single Sign-On URL – Secret Double Octopus <SAML 2.0 Endpoint URL>
    • Single Sign-On binding – HTTP POST
    • Single Logout URL – Secret Double Octopus <Enterprise Base URL>/logout
    • Single Logout binding – HTTP Redirect
    • Signature Algorithm – SHA-1
  • Select the downloaded certificate file in Signing Certificate.
  • Save the Trusted Identity Provider settings