SAP NETWEAVER SINGLE SIGN-ON

S A P N E T W E AV E R
®
SINGLE SIGN-ON
SAP NETWEAVER®
SINGLE SIGN-ON
www.secude.com
©2013 SECUDE AG
SAP NETWEAVER® SINGLE SIGN-ON
SAP NetWeaver Single Sign-On is a modular productivity and security solution for SAP that
combines secure authentication, single sign-on and data-in-transit encryption.
The challenge
Access to an SAP system, whether through SAP GUI, Business Explorer (BEx) or a web browser
is traditionally controlled by a username and password combination.
The problem is that the average SAP user has access to more than one SAP system, resulting
in a growing number of passwords for the user to remember and maintain. Additionally, data
transferred between SAP GUI, BEx and back-end SAP systems is only compressed at best but
not encrypted resulting in passwords and other sensitive information being exposed in cleartext.
The Solution
SAP NetWeaver Single Sign-On addresses all of the above issues by providing secure access
to SAP systems while encrypting all data-in-transit through Secure Network Communication
(SNC). Its integrated single sign-on capabilities seamlessly integrate into existing Microsoft Active Directory, LDAP or Public Key Infrastructures, among others.
Use Cases
SAP NetWeaver Single Sign-On can be deployed to address a wide range of use cases, including:
•Encryption of SAP GUI traffic (available free of charge)
•Single sign-on for SAP GUI for Windows with Kerberos
•Single sign-on for SAP GUI for Windows and Smart Cards Integration
•Single sign-on for SAP GUI for Windows and/or Web Applications
•Web Client – Zero Footprint Client option for SAP GUI and Web Applications
•Web based and Web Service based Single Sign-On via the open SAML standard
•Enterprise Single Sign-On
Components
The solution consists of different components (some of them are optional) that can be mixed
and matched to fit your exact needs and environment. The main components include:
•Secure Login Client (32/64bit)
•Secure Login Web Client (Java Applet for zero footprint implementation)
•Secure Login Library (for ABAP servers)
•Secure Login Server (optional, runs on SAP NetWeaver 7.3+)
•Enterprise Single Sign-On Client
FOR MORE INFORMATION PLEASE VISIT
WWW.SECUDE.COM OR CONTACT US DIRECTLY
Single Sign-On
With single sign-on users login only once
(i.e. to the operating system). All subsequent logins are handled securely and
transparently by the SAP NetWeaver Single Sign-On client in the background resulting in increased user productivity and
significantly reduced helpdesk calls.
Strong Authentication
NetWeaver Single Sign-On supports strong
user authentication through integration
with existing user stores, such as Active
Directory, LDAP, RADIUS or SAP UME, as
well as existing authentication technologies including digital certificates (X.509)
and Kerberos.
Enterprise Single Sign-On
To extend the benefits of NetWeaver Single
Sign-On to non-SAP applications, the solution includes an Enterprise Single Sign-On
component that integrates virtually with
any Windows, Web or Terminal application.
Single sign-on is achieved by storing the
users’ account credentials for all non-SAP
applications in a secure container. Upon
logon to an application that prompts the
user to authenticate Enterprise Single
Sign-On looks up the correct credentials
in the secure container and automatically
provides them to the application.
For example, if a user starts a web-based
application that demands a username and
password, Enterprise Single Sign-On will
recognize the application and automatically enter the details, enabling rapid and
easy login. Enterprise Single Sign-On can
similarly recognize terminal emulation logon dialogs, protected Microsoft Word documents, and much more.
SNC Client Encryption
In the web world, Transport Layer Security
(TLS) is the standard method for encrypting communication channels between client and server. In the SAP world, communication between SAP GUI and ABAP servers
are not encrypted. Anyone with access to
the corporate network could sniff traffic in
order to extract SAP passwords as well as
other sensitive information.
In a partnership that dates back to 1996,
SAP and SECUDE have developed and
implemented the Secure Network Communications (SNC) standard enabling the
encryption of SAP network traffic.
Enabling SNC requires each communication partner to have a cryptographic library, which can be downloaded from the
SAP marketplace.
FOR MORE INFORMATION PLEASE VISIT
WWW.SECUDE.COM OR CONTACT US DIRECTLY
[email protected]
www.secude.com
Switzerland
SECUDE International AG
Werftestrasse 4A
6005 Luzern
Tel: +41 61 366 30 00
Fax: +41 61 366 30 26
GERMANY
SECUDE GmbH
Rheinstrasse 97
64295 Darmstadt
Tel : +49 6151 828 97 0
Fax : +49 6151 828 97 26
USA
SECUDE IT Security, LLC
3331 Sundew Ct
Alpharetta, GA 30005
Tel: +1 (770) 360-5530
Fax: +1 (678) 264-1538
Singapore
SECUDE Singapore Pte Ltd
12 Marina Boulevard
#17-01 Marina Bay Financial
Centre Tower 3
Singapore 018982
Tel: +65 6809 5096
Fax: +65 6809 5001
ABOUT SECUDE
SECUDE is an innovative global provider of IT data protection solutions. The company
was founded in 1996 as a partnership between SAP AG and the Fraunhofer Institute in
Germany. Fraunhofer is Europe’s largest application-oriented research organization. In
early 2011, SECUDE sold SECUDE Application Security to SAP AG, to focus on its core
competency: Endpoint Security. SECUDE helps customers protect sensitive data from
loss or theft and to meet legal and industry requirements and guidelines. Since 2011,
SECUDE has been part of the SAP® PartnerEdge™ Value Added Reseller program and
an SAP distribution partner in Germany, Switzerland and the USA. As an SAP Value
Added Reseller (VAR), SECUDE sells licenses, consulting and implementation services
for the SAP NetWeaver® Single Sign-On solutions in addition to its own product portfolio. Today, SECUDE is trusted by a large number of Fortune 500 companies, including
many DAX companies. Bringing together best global talent in the IT security industry,
SECUDE has offices in Europe, North America and Asia.
FOR MORE INFORMATION PLEASE VISIT
WWW.SECUDE.COM OR CONTACT US DIRECTLY