This page shows you how to add multifactor authentication to your SAP cloud platform using the Octopus Authenticator to gain more control and security over how users log into your network.

  • Login to Octopus Authenticator Console
  • Select Services from the left pane
  • Select Add Service
  • Click Generic SAML service template


Tab 1 – General Information

The following field and values are displayed

Fields nameFields Value
Service nameSAP Cloud Platform
Service statusEnable (default)
Display icon
Login page URL<https://<Enterprise Base URL>/generic-saml/<No.>/login>


Tab 2 – Parameters

The following fields and values are displayed

Field nameField value
LoginLogin method for Octopus Authenticator server
Name IDSAP Cloud Platform login user name
MethodSSO binding method <POST or Redirect>
ACS URLSAP Trusted IP Accretion Custom Services URL
+Add additional parameterDo not add any parameters


Tab 3 – Sign On

The following fields and values are displayed


Field nameField value
Multi Factor Authentication (MFA)Off (default)
Sign-on MethodSAML 2.0
X.509 Certificate 
SAML signature algorithmSHA-1 (default)
Single Sign On (SSO)Off (default)
Issuer URLhttp://< Enterprise base URL>/generic-saml/<No.>
SAML 2.0 Endpoint (HTTP)http://<Enterprise base URL>/generic-saml/login
Custom message

Note: Secret Double Octopus recommendation is to leave the default field values as displayed.


Step 4 – Users

To configure the users of the service

  • Select users either from “Local Users” or “LDAP Users” lists
  • You can select either:
    • A group of users to import, by clicking on the dot next to one of the folders
    • An individual user to import, by clicking on the dot next to that user

The corresponding dot will then be colored blue. When you select only some of the users in the group, the dot adjacent to the group will be colored partially.

After you click SAVE SETTINGS, the selected users will be enrolled in the service.



Set up SSO for SAP Cloud Platform account using Octopus Authenticator Identity Provider

  • Login to your SAP Cloud Platform account

  • Select Security
  • Under “Security” category, Select Trust

  • Under “Trusted Management” page, Select Application Identity Provider
  • Click Add Trusted Identity Provider
  • At “Trusted Identity Provider” page, you should define Secret Double Octopus Sign On metadata details


[Back to Secret Double Octopus Management Console]

To download Secret Double Octopus services’ SAML Metadata:

  • Select Services from the left pane
  • Select SAP Cloud Platform service
  • In the Sign On tab click SAML Metadata button to download the SAML_Metadata file

Retrieve the certificate file by clicking DOWNLOAD under X.509 Certificate.

[Back to SAP Cloud Platform Web Page]

  • In the Trusted Identity Provider page and in Metadata File; Click Browse to import the downloaded Secret Double Octopus Sign-On Metadata file.

  • Upon successful metadata file import, all Identify Provider’s fields are automatically filled out
  • Select “Assertion Consumer Service” as the Assertion Consumer Service value (default value is “Application Root”)
  • Verify the correct value for the following fields:
    • Single Sign-On URL – Secret Double Octopus <SAML 2.0 Endpoint URL>
    • Single Sign-On binding – HTTP POST
    • Single Logout URL – Secret Double Octopus <Enterprise Base URL>/logout
    • Single Logout binding – HTTP Redirect
    • Signature Algorithm – SHA-1
  • Select the downloaded certificate file in Signing Certificate.
  • Save the Trusted Identity Provider settings