A Portal Security Issue

We have one portal system with two portal applications: SAP ESS (Employee Self Service) and SAP LMS (learning management system). Currently, when users log in, the portal uses a network LDAP to authenticate user access. Once users are authenticated they see one page (one view) with two buttons: one for ESS (associate Personal Data) and the other for Global Learning Center (LMS). We want to implement two other applications: TCI (Total Compensation) within ESS, and MSS (Manager Self Service).

Several security issues have been raised. I can describe the security requirements in two categories. One is general, which is not very security sensitive and for which the network password is enough. LMS and some features in ESS will fall in this category. We also have very sensitive applications like MSS and TCI (which is a component within ESS). For the sensitive applications like MSS and for the TCI component, can we add an additional level of authentication or challenge response? For example, when I log in to my bank web site, not only do I enter my user id or account id and password, but I have to answer another confidential question. Some web sites will show you a picture and ask you to enter an additional PIN number. Has anyone done something like that in SAP portal? Any idea how to add additional security in SAP portal? How to create a custom login module? All the components that I described above belong to the same portal application and belong to one ECC system? Do you think we need two portal systems: one for sensitive and another for non-sensitive components?

We are thinking of two-level authentication. One uses LDAP to get into the portal main page, but when a user clicks on MSS there should be another authentication (a password or something similar to that)? Is this doable? What is the best solution for this type of situation? Someone suggested implementing MSS on a separate portal and then adding it to the iView, which will require UME authentication when someone tries to access it. The UME password will be different from the LDAP password. What do you think of this approach? Any different ideas?

Former Member