on 08-08-2016 2:28 PM
Hello community,
do you know any good reasons why you should deactivate all Passwords in a SAP System when using the SAP SSO solution
Pros:
- Linked to your Windows user (Kerberos Token)
- Prevents locks due to wrong Passwords (or does it still lock users after some time?)
Cons:
- SAP is completely open when someone Forgets to lock their device
- Related Systems could have Trouble with SSO
Hi Nicolai,
disabling all passwords in all involved SAP systems is possible if you can ensure, that every user is SSO enabled and able to access the full set of SAP applications via various frontends e.g. via browser, SAP GUI, via RFC clients, via mobile devices using standardized SSO token formats such as Kerberos, X.509 or SAML.
That is the best case recommendation for almost any SSO scenario As a user you only need to remember your primary password e. g. AD logon, but for this you must ensure proper security, policies and if required MFA or further usage of a second factor based on various conditions (policy based SSO).
Pro:
Con:
Cheers,
Carsten
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.