
SAP SSO Without integrating with LDAP/Active Directory

Former Member
0 Kudos

Dear All,

Good Day.

We have following components in our landscape.

SAP ECC 6.0 EHP7 (HANA DB)

SAP BI 7.4 (HANA DB)

SAP EP 7.4 (Sybase DB)

SAP BO 4.1 (Sybase SQL anywhere)

SAP Solman 7.1 (Sybase DB)

SAP CRM 7.0 EHP2 (Sybase DB)

SAP Content server 6.5 (Max DB)

And we have a plan to implement Fiori applications as well in the HR, MM and FI areas. My major requirement is: can we achieve SAP SSO to all the above SAP solutions without integrating with LDAP/Active Directory?

The idea is that once an end user logs in to his PC/laptop, he should not be prompted for any user name/password while logging on to ABAP (ECC, BI, Solman, CRM) and the EP, BO, Solman and CRM portals.

I got information that we can achieve this using SAP NW SSO 2.0, but I am not 100% sure that we can achieve this without integrating with LDAP/Active Directory.


In case Active Directory integration is mandatory to achieve the above requirement, please confirm.


FYI, in my environment we have 4 different companies with different Active Directory accounts, but all are going to use the same SAP landscape as mentioned above. How do we proceed with AD integration in case it is mandatory?

Your recommendations/advice will be a great help for my team. Looking forward to positive replies.

Thanks in advance.

Best Regards

Praveen P

Accepted Solutions (0)

Answers (1)

tim_alsop
Active Contributor
0 Kudos

If you have 4 companies, each with their own AD even without domain trust, it is possible (and quite easy) to implement SSO. If you don't use AD then you are going to have to add additional infrastructure and increase implementation costs, so I would not recommend it.

Thanks

Tim

tim_alsop
Active Contributor
0 Kudos

Also, if you don't use AD then you are going to have to find another way to authenticate the users. You mentioned that you want users to log on to the PC/laptop and then get logged into ABAP and EP etc. without being asked for credentials. I hope you understand that to log in to these SAP systems, the user needs to authenticate first, and they have already authenticated when they logged into the PC/laptop (via AD), so you should use this authentication instead of asking them to authenticate again.

Former Member
0 Kudos

Dear Tim,

Thanks for your update and recommendations. I understand from your second post that you are suggesting we go with AD integration to achieve the SSO we need in my environment. Please confirm.

I would like to know what exactly we can achieve with SAP NW SSO 2.0 (without AD integration) for all types of SAP Instances (ABAP & portals).

Thanks

Praveen

tim_alsop
Active Contributor
0 Kudos

Yes, I can confirm that I am suggesting/recommending that you use AD integration to avoid extra costs and complexities, and so that users don't need to authenticate more than once.

If you use any SSO product that doesn't somehow link with the initial workstation logon, then the user will have to authenticate again after they log in to their PC/laptop. The SAP SSO product would be one product available to consider, and this product can issue short-lived certificates to the client which would then be used to log on to the system, but in order for it to issue the certificate, it needs to first authenticate the user.

Thanks

Tim