Step 1: Create an Active Directory Service Account for SAP Single Sign-On

If you directly started reading from page, please consider starting from here. Ultimate Guide for SAP Single Sign-On: Simplest Method to Enable SAP Single Sign-On

The best practice is to create an active directory account per SAP system id (SID).

  • Create a normal user account in Active Directory. Best practice format for account svc_sap_sso_. Replace with your SAP system ID
  • Select password never expires
  • Select a strong password
  • Make sure that user is in the “Domain Users” group
  • After the account creation, go to attribute editor and insert below lines for attribute “servicePrincipleName”
    • Insert one line for HTTP protocol. HTTP/yoursapapplicationserver.com
    • Te Insert one line for SAP protocol. SAP/ (Replace SID with your SAP System Id)

Step 1 was the easiest one. Let’s continue with Step 2: Configure SAP for SAP Single Sign-On.

Leave a Reply