SAP SINGLE SIGN-ON
THE CHALLENGE
Access to an SAP system, whether through SAP GUI,
Business Explorer (BEx) or a web browser, is traditionally
controlled by a username and password combination.
The problem is that the average SAP user has access
to more than one SAP system, resulting in a growing
number of passwords for the user to remember and
maintain. Additionally, data transferred between SAP
GUI, BEx and back-end SAP systems is at best compressed
but not encrypted, so passwords and other sensitive
information are exposed in clear text.
SAP Single Sign-On is a modular
productivity and security solution
for SAP that combines secure
authentication, single sign-on and
data-in-transit encryption.
THE SOLUTION
SAP Single Sign-On addresses all of the above
issues by providing secure access to SAP systems
while encrypting all data-in-transit through Secure
Network Communication (SNC). Its integrated
single sign-on capabilities seamlessly integrate into
existing Microsoft Active Directory, LDAP or Public
Key Infrastructures, among others.
USE CASES
SAP Single Sign-On can be deployed to address a wide
range of use cases, including:
• Encryption of SAP GUI traffic (available free of charge)
• SAP Single Sign-On GUI for Windows with Kerberos
• SAP Single Sign-On GUI for Windows and Smart Cards
Integration
• SAP Single Sign-On GUI for Windows and/or Web
Applications
• Web Client – Zero Footprint Client option for SAP GUI
and Web Applications
• Web based and Web Service based Single Sign-On via
the open SAML standard
• Enterprise Single Sign-On
COMPONENTS
The solution consists of different components
(some of them are optional) that can be mixed and
matched to fit your exact needs and environment.
The main components include:
• Secure Login Client (32/64bit)
• Secure Login Web Client (Java Applet for zero
footprint implementation)
• Secure Login Library (for ABAP servers)
• Secure Login Server (optional, runs on SAP
NetWeaver 7.3+)
• Enterprise Single Sign-On Client
For more information visit www.secude.com
Or contact us directly at [email protected]
SINGLE SIGN-ON
With single sign-on, users log in only once (i.e. to the
operating system).
All subsequent logins are handled securely and
transparently by the SAP Single Sign-On client in the
background, resulting in increased user productivity
and significantly reduced helpdesk calls.
STRONG AUTHENTICATION
SAP Single Sign-On supports strong user
authentication through integration with existing
user stores, such as Active Directory, LDAP, RADIUS
or SAP UME, as well as existing authentication
technologies including digital certificates (X.509)
and Kerberos.
SNC CLIENT ENCRYPTION
In the web world, Transport Layer Security (TLS) is
the standard method for encrypting communication
channels between client and server. In the SAP
world, communication between SAP GUI and ABAP
servers is not encrypted. Anyone with access to
the corporate network could sniff traffic in order
to extract SAP passwords as well as other sensitive
information.
In a partnership that dates back to 1996, SAP and
SECUDE have developed and implemented the
Secure Network Communications (SNC) standard,
enabling the encryption of SAP network traffic.
Enabling SNC requires each communication partner
to have a cryptographic library, which can be
downloaded from the SAP marketplace.
ENTERPRISE SINGLE SIGN-ON
To extend the benefits of Single Sign-On for SAP
to non-SAP applications, the solution includes
an Enterprise Single Sign-On component that
integrates with virtually any Windows, Web or
Terminal application.
Single sign-on is achieved by storing the users’
account credentials for all non-SAP applications in a
secure container. Upon logon to an application that
prompts the user to authenticate, Enterprise Single
Sign-On looks up the correct credentials in the
secure container and automatically provides them
to the application.
For example, if a user starts a web-based application
that demands a username and password, Enterprise
Single Sign-On will recognize the application and
automatically enter the details, enabling rapid and
easy login. Enterprise Single Sign-On can similarly
recognize terminal emulation logon dialogs,
protected Microsoft Word documents, and much
more.
SWITZERLAND
SECUDE International AG
Werftestrasse 4A
6005 Luzern
Tel: +41 61 366 30 00
Fax: +41 61 366 30 26
GERMANY
SECUDE GmbH
Rheinstrasse 97
64295 Darmstadt
Tel: +49 6151 828 97 0
Fax: +49 6151 828 97 26
USA
SECUDE IT Security, LLC
3331 Sundew Ct
Alpharetta, GA 30005
Tel: +1 (770) 360-5530
Fax: +1 (678) 264-1538
ABOUT SECUDE
SECUDE is an innovative global provider of IT data protection solutions for SAP customers. The company was founded
in 1996 as a partnership between SAP AG and Europe’s largest application-oriented research organization, the Fraunhofer
Institute in Germany. SECUDE helps customers protect sensitive data from loss or theft and meet legal and industry
requirements and guidelines. Since 2011, SECUDE has been part of the SAP® PartnerEdge™ Value Added Reseller
program and an SAP distribution partner in Germany and Switzerland. SECUDE’s solutions enable enterprises that run
on SAP to identify sensitive data exports from SAP applications with intelligent classification and secure information
with strong encryption and fine-grained permission policies, allowing it to be safely accessed, stored, and shared inside
the enterprise and across cloud and mobile platforms. Today, SECUDE is trusted by a large number of Fortune 500
companies, including many DAX companies. With offices in Europe, North America and Asia, SECUDE embraces global
IT security.