The SAP Single Sign-On (SAP SSO) product enables users to log in to SAP without entering any password. If you have SAP in your inventory, I recommend enabling SAP Single Sign-On from the day one of SAP Go-Live. If you didn’t enable yet, no worries, don’t wait to set up and continue reading.
Audience: People who are willing to implement SAP Single Sign-On efficiently.
Authenticate with Kerberos/SPNEGO
If you have experts in your team, it will take 2 weeks from starting implementation to releasing it to end-users.
- Your Company is using Microsoft Active Directory
- End users are using company computers
- SAP Secure Client Login software installation for the end-user computer
- SAP Single Sign-On License
How It Works:
- Upon connection start, the Secure Login Client retrieves the SNC name (User Principal Name of the service user) of the respective SAP server system.
- The Secure Login Client starts at the Ticket Granting Service a request for a Kerberos Service token.
- The Secure Login Client receives the Kerberos Service token
- The Secure Login Client provides the Kerberos Service token for SAP single sign-on and secure
communication between the SAP Client and SAP server.
- The user is authenticated, and the communication is secured.
Let’s keep hands dirty, are you ready?
Step 1: Create an Active Directory Service Account
Step 2: Configure SAP for SAP Single Sign-On
Step 3: Installing SAP Secure Login Client software to client PC
Step 4: Configure an SAP User Account for SAP Single Sign-On – User Mapping
Step 5: Change SAP System Login Settings for SAP GUI
If you also have SAP Business Objects, don’t forget to check this out. Ultimate Guide for SAP Business Objects Single Sign-On (coming-soon).