Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Single Sign-on across different systems

Former Member

‎04-04-2007 9:39 PM

0 Kudos

Hi,

are there tools/products available that allow a single sign-on to different systems. We don't use portal for the moment, but want to facilitate user access by providing them with a single sing-on solution that works across different systems (ECC, APO & EBP).

Let me know if you have any information available?

Thanks in advance.

Rafael S.

6 REPLIES 6

tim_alsop
Active Contributor

‎04-04-2007 10:10 PM

0 Kudos

Rafael,

You didn't mention Active Directory being involved ? Many SAP customers who are using Active Directory, like to take advantage of the fact that the user is already authenticating with Active Directory when they logon to their workstation via. a domain account. When using SAP, they can then take advantage of this by using the same credentials available on the workstation, and use them to authenticate the user to the SAP applications. The user gets a Single SignOn exprience - the only authentication they need is the authentication to the MS domain when they logon to their Windows workstation.

Let me know if this sounds interesting ?

Regards,

Tim

Former Member
In response to tim_alsop

‎04-04-2007 11:14 PM

0 Kudos

Hi,

Hum ... I see what you mean. I would like to have something that sits in between being logged on to your workstation and logging on to SAP. Kind of like how your Lotus Notes or outlook or portal works. I think, from a security perspective, logging in to your workstation and then you can just log-on to SAP (without user and password) will be an issue. I'm looking for something that needs a user and password the first time you log-on, but after that you can navigate to the different application without having to deal with user id's and passwords for the individual systems.

Regards.

Rafael S.

tim_alsop
Active Contributor
In response to tim_alsop

‎04-05-2007 9:07 AM

0 Kudos

Rafael,

Let me present a scenario to you, and perhaps you can let me know if it is what you are looking for :

1. user logs onto their workstation using a domain account, or a local account.

2. user starts SAP Logon, and selects an instance to logon to.

3. user presses Logon button

4. A signon screen appears, where the user enters a valid Active Directory account name and password.

5. The users Active Directory account and domain is used to map the user onto a SAP user and client (via SAP USRACL table) and the user is logged onto the SAP instance.

If the above is not what you are looking for, please let me know the differences ?

Thanks,

Tim

Former Member
In response to tim_alsop

‎04-05-2007 12:49 PM

0 Kudos

Rafael, We used a solution called CyberSafe that did just what you're proposing. It's a client that you install on your workstation and you can configure it to SSO against AD or to prompt ONCE for a password and remember it until the workstation is restarted OR you can configure it to require a password every time you logon to the SAP GUI. All authenticating against your active directory. We choose this solution because it was an easy install, simplified the SNC install on the SAP box and the client has a small footprint and all communication between the client and servers is encrypted.

Thanks

Dave W.

Former Member
In response to tim_alsop

‎11-29-2007 3:38 PM

0 Kudos

Hi Tim,

Would the scenario you have listed, work without any third-party tool, if SAP is installed on Linux?

Scenario:

1. user logs onto their workstation using a domain account, or a local account.

2. user starts SAP Logon, and selects an instance to logon to.

3. user presses Logon button

4. A signon screen appears, where the user enters a valid Active Directory account name and password.

5. The users Active Directory account and domain is used to map the user onto a SAP user and client (via SAP USRACL table) and the user is logged onto the SAP instance.

Former Member

‎04-05-2007 9:35 AM

0 Kudos

Hi Rafael,

there are a number of providers of sultions to this regards. some of them provide authentication based on certificates or RSA SecurID tokens, some do make use of ldap based or kerberos based authentication mechanisms. Based on the list of systems you are talking about SAP GUI only or do you also intend to integrate this with HTTP based access ?

For SAP Gui, SNC partners are available to assist your company. You can find them in the <a href="http://www.sap.com/partners/index.epx">SAP Partner Directory</a> if you click the search button there. On the next page select the Tab search for solutions and search for Cetification Category 'Secure network communication'.

regards,

Patrick