04-04-2007 9:39 PM
Hi,
are there tools/products available that allow a single sign-on to different systems? We don't use a portal for the moment, but want to facilitate user access by providing them with a single sign-on solution that works across different systems (ECC, APO & EBP).
Let me know if you have any information available?
Thanks in advance.
Rafael S.
04-04-2007 10:10 PM
Rafael,
You didn't mention Active Directory being involved? Many SAP customers who are using Active Directory like to take advantage of the fact that the user is already authenticating with Active Directory when they log on to their workstation via a domain account. When using SAP, they can then take advantage of this by using the same credentials available on the workstation, and use them to authenticate the user to the SAP applications. The user gets a Single SignOn experience - the only authentication they need is the authentication to the MS domain when they log on to their Windows workstation.
Let me know if this sounds interesting?
Regards,
Tim
04-04-2007 11:14 PM
Hi,
Hum ... I see what you mean. I would like to have something that sits in between being logged on to your workstation and logging on to SAP. Kind of like how your Lotus Notes or Outlook or portal works. I think, from a security perspective, logging in to your workstation and then you can just log on to SAP (without user and password) will be an issue. I'm looking for something that needs a user and password the first time you log on, but after that you can navigate to the different applications without having to deal with user IDs and passwords for the individual systems.
Regards.
Rafael S.
04-05-2007 9:07 AM
Rafael,
Let me present a scenario to you, and perhaps you can let me know if it is what you are looking for:
1. user logs onto their workstation using a domain account, or a local account.
2. user starts SAP Logon, and selects an instance to logon to.
3. user presses Logon button
4. A signon screen appears, where the user enters a valid Active Directory account name and password.
5. The user's Active Directory account and domain is used to map the user onto a SAP user and client (via SAP USRACL table) and the user is logged onto the SAP instance.
If the above is not what you are looking for, please let me know the differences?
Thanks,
Tim
04-05-2007 12:49 PM
Rafael, we used a solution called CyberSafe that did just what you're proposing. It's a client that you install on your workstation and you can configure it to SSO against AD or to prompt ONCE for a password and remember it until the workstation is restarted OR you can configure it to require a password every time you log on to the SAP GUI. All authenticating against your Active Directory. We chose this solution because it was an easy install, simplified the SNC install on the SAP box and the client has a small footprint and all communication between the client and servers is encrypted.
Thanks
Dave W.
11-29-2007 3:38 PM
Hi Tim,
Would the scenario you have listed work without any third-party tool, if SAP is installed on Linux?
Scenario:
1. user logs onto their workstation using a domain account, or a local account.
2. user starts SAP Logon, and selects an instance to logon to.
3. user presses Logon button
4. A signon screen appears, where the user enters a valid Active Directory account name and password.
5. The user's Active Directory account and domain is used to map the user onto a SAP user and client (via SAP USRACL table) and the user is logged onto the SAP instance.
04-05-2007 9:35 AM
Hi Rafael,
there are a number of providers of solutions in this regard. Some of them provide authentication based on certificates or RSA SecurID tokens, some make use of LDAP-based or Kerberos-based authentication mechanisms. Based on the list of systems, are you talking about SAP GUI only, or do you also intend to integrate this with HTTP-based access?
For SAP GUI, SNC partners are available to assist your company. You can find them in the SAP Partner Directory (http://www.sap.com/partners/index.epx) if you click the search button there. On the next page select the tab "search for solutions" and search for Certification Category 'Secure network communication'.
Regards,
Patrick