If you directly started reading from page, please consider starting from here. Ultimate Guide for SAP Single Sign-On: Simplest Method to Enable SAP Single Sign-On
The best practice is to create an active directory account per SAP system id (SID).
- Create a normal user account in Active Directory. Best practice format for account svc_sap_sso_. Replace with your SAP system ID
- Select password never expires
- Select a strong password
- Make sure that user is in the “Domain Users” group
- After the account creation, go to attribute editor and insert below lines for attribute “servicePrincipleName”
- Insert one line for HTTP protocol. HTTP/yoursapapplicationserver.com
- Te Insert one line for SAP protocol. SAP/ (Replace SID with your SAP System Id)
Step 1 was the easiest one. Let’s continue with Step 2: Configure SAP for SAP Single Sign-On.