The SAP Single Sign-On (SAP SSO) product enables users to log in to SAP without entering any password. If you have SAP in your inventory, I recommend enabling SAP Single Sign-On from the day one of SAP Go-Live. If you didn’t enable yet, no worries, don’t wait to set up and continue reading.
Audience: People who are willing to implement SAP Single Sign-On efficiently.
Authenticate with Kerberos/SPNEGO
If you have experts in your team, it will take 2 weeks from starting implementation to releasing it to end-users.
Requirements:
- Your Company is using Microsoft Active Directory
- End users are using company computers
- SAP Secure Client Login software installation for the end-user computer
- SAP Single Sign-On License
How It Works:
- Upon connection start, the Secure Login Client retrieves the SNC name (User Principal Name of the service user) of the respective SAP server system.
- The Secure Login Client starts at the Ticket Granting Service a request for a Kerberos Service token.
- The Secure Login Client receives the Kerberos Service token
- The Secure Login Client provides the Kerberos Service token for SAP single sign-on and secure
communication between the SAP Client and SAP server. - The user is authenticated, and the communication is secured.
Let’s keep hands dirty, are you ready?
Step 1: Create an Active Directory Service Account
Step 2: Configure SAP for SAP Single Sign-On
Step 3: Installing SAP Secure Login Client software to client PC
Step 4: Configure an SAP User Account for SAP Single Sign-On – User Mapping
Step 5: Change SAP System Login Settings for SAP GUI
If you also have SAP Business Objects, don’t forget to check this out. Ultimate Guide for SAP Business Objects Single Sign-On (coming-soon).
We have a setup where SAP GUI Logon Pad app is hosted on Citrix, can it be possible to have SAP SSO enabled?
Here as well users access Citrix via a web interface and then view list of apps being provisioned to them.
Secure Login Client is working on Citrix XenApp but I personally didn’t try it. Check below link, hope it helps.
https://help.sap.com/viewer/df185fd53bb645b1bd99284ee4e4a750/3.0/en-US/35ae5f10294347d498a852200c949024.html