MicroStrategy ONE

Configure Azure AD with SAP HANA SSO

You must install or configure the following items before configuring Azure AD with SAP HANA SSO:

  • Two application registrations in Azure AD.
  • A SAP HANA instance.
  • MicroStrategy Workstation version 11.3.8 and later.

Application Registration #1: Azure AD

Create a Scope

  1. Once you access your application registration, click Expose an API.
  2. Click Add a scope. If you have not entered an Application ID URI, Azure AD creates one.
  3. Click Save and continue.
  4. Enter values in Scope name, Admin consent display name, and Admin consent description.

  5. Click Add scope.

Add API Permissions

  1. In the navigation pane, under Manage, click API permissions.
  2. Click Add a permission and add the email, offline_access, openid, profile, and User.Read Microsoft Graph permissions.

  3. Click Grant admin consent.

Modify the Access Token Accepted Version

  1. In the navigation pane, under Manage, click Manifest.
  2. Change "accessTokenAcceptedVersion": null, to "accessTokenAcceptedVersion": 2,.
  3. Click Save.

Add Owners

  1. In the navigation pane, under Manage, click Owners.
  2. Click Add owners and enter the required information.

Application Registration #2: MicroStrategy OIDC

This application registration is required to log in to MicroStrategy via OIDC and adds permissions to generate JWT tokens from the SAP HANA JWT application registration.

Add API Permissions

  1. In the navigation pane, under Manage, click API permissions.
  2. Click Add a permission and add the email, offline_access, openid, profile, and User.Read Microsoft Graph permissions.
  3. Add permissions for the SAP HANA JWT application registration scope that you created above.
  4. Click Grant admin consent.

Add Owners

  1. In the navigation pane, under Manage, click Owners.
  2. Click Add owners and enter the required information.