SSO and AD authentication
We are considering to implement SSO for our SAP R/3 system (only) and would like some recommendations and feedback on the following setup:
The SAP password should be deactivated and the user should be authenticated against Active Directory instead. The user should not be prompted for password when he logs on from SAP GUI (SSO).
How do we manage that different users can login from a shared pc? Eg.: A user logs on to windows and login to SAP via SAP gui, without getting prompted for password (SSO). In the same windows session is must be possible for another user to login to SAP (via Gui), but he somehow needs to be authenticated against AD (password?). Do we have to define to different entries in SAP logon pad ?.
Is the above it possible? and where can we find recommendations and guidelines for this setup?
Any input welcome.