{"id":58700,"date":"2026-03-12T09:57:54","date_gmt":"2026-03-12T08:57:54","guid":{"rendered":"https:\/\/xiting.com\/?page_id=58700"},"modified":"2026-03-16T10:59:48","modified_gmt":"2026-03-16T09:59:48","slug":"migration-sap-sso-3-0-zu-sap-secure-login-service","status":"publish","type":"page","link":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/","title":{"rendered":"Von SAP Single Sign-On 3.0 (SSO) zu SAP Secure Login Service (SLS)"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"58700\" class=\"elementor elementor-58700 elementor-58085\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c6be7f4 e-flex e-con-boxed e-con e-parent\" data-id=\"c6be7f4\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-8e7211e elementor-hidden-mobile e-flex e-con-boxed e-con e-child\" data-id=\"8e7211e\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5d5de4d elementor-widget-mobile__width-initial elementor-widget elementor-widget-button\" data-id=\"5d5de4d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-xs\" href=\"https:\/\/xiting.com\/de\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-home\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bc3f70d elementor-widget elementor-widget-text-editor\" data-id=\"bc3f70d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\/<\/p><br>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e46a79 elementor-widget-mobile__width-initial elementor-widget elementor-widget-button\" data-id=\"2e46a79\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-xs\" href=\"https:\/\/xiting.com\/de\/sap-knowledge\/identity-access-management\/single-sign-on\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">SAP Single Sign-On<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5e5be0a elementor-widget elementor-widget-text-editor\" data-id=\"5e5be0a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\/<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5157da3 elementor-widget-mobile__width-initial elementor-widget elementor-widget-button\" data-id=\"5157da3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-xs\" href=\"https:\/\/xiting.com\/de\/?page_id=58700\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">SAP Secure Login Service (SLS)<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-eabb9a1 animated-fast e-flex e-con-boxed elementor-invisible e-con e-parent\" data-id=\"eabb9a1\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6333fe2 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"6333fe2\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Von SAP Single Sign-On 3.0 (SSO) <br> zu SAP Secure Login Service (SLS)<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-48602e7 e-con-full e-flex e-con e-child\" data-id=\"48602e7\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fe687a6 elementor-widget elementor-widget-text-editor\" data-id=\"fe687a6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><p><a href=\"https:\/\/xiting.com\/de\/sap-knowledge\/identity-access-management\/single-sign-on\/\">SAP Single Sign-On 3.0 (SSO)<\/a> l\u00e4uft Ende 2027 aus und wird durch den Cloud-basierten Secure Login Service (SLS) ersetzt. Unternehmen stehen damit vor der Aufgabe, ihre Authentifizierung ganzheitlich zu modernisieren und Zero-Trust-Vorgaben umzusetzen. Erfahren Sie, wie sie mit Xiting sicher zum SAP Secure Login Service migrieren k\u00f6nnen.\u00a0<\/p><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-28afb1a elementor-widget elementor-widget-button\" data-id=\"28afb1a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-size-sm\" role=\"button\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-arrow-right\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Jetzt unverbindliche Beratung anfragen<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-96b394a elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"96b394a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Der Weg in eine moderne, Zero Trust f\u00e4hige SAP-Authentifizierung<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6084848 elementor-widget elementor-widget-text-editor\" data-id=\"6084848\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><p><strong>Studien zeigen:<\/strong> 80 % aller Sicherheitsvorf\u00e4lle basieren auf gestohlenen oder schwachen Passw\u00f6rtern. Weltweit wurden 2024 \u00fcber 5 Milliarden Konten kompromittiert &#8211; ein eindeutiges Signal, dass klassische Passwortmodelle ausgedient haben. Allein das Zur\u00fccksetzen vergessener SAP-Passw\u00f6rter verursacht im Schnitt 11 Stunden Produktivit\u00e4tsverlust pro Mitarbeiter und Jahr. Moderne SSO- und MFA-Verfahren sind deshalb l\u00e4ngst kein \u201eNice-to-have\u201c mehr, sondern ein zentraler Faktor in jeder Zero-Trust-Strategie.<\/p><p>\u00dcber ein Jahrzehnt lang war SAP Single Sign-On 3.0 der verl\u00e4ssliche Standard f\u00fcr passwortlose Logins in SAP-Systemen. Millionen Anwender authentifizieren sich t\u00e4glich \u00fcber Kerberos oder X.509 \u2013 stabil, etabliert, vertraut. Doch die Zeit l\u00e4uft: <strong>Am 31. Dezember 2027 endet die Wartung von SAP SSO 3.0<\/strong> \u2013 inklusive des SAP NetWeaver AS Java, auf dem zentrale Komponenten wie der Secure Login Server basieren. Gleichzeitig ver\u00e4ndern Cloud-First-Strategien, Zero-Trust-Modelle und regulatorische Anforderungen (NIS2, ISO 27001, DSGVO, interne Security-Audits) die Erwartungen an Authentifizierung grundlegend. Unternehmen m\u00fcssen heute nicht mehr nur \u201eSingle Sign-On\u201c erm\u00f6glichen \u2013 sie m\u00fcssen Multi-Faktor-Authentifizierung (MFA), Ger\u00e4tevertrauen, Conditional Access und zentrale Policies \u00fcber alle Kan\u00e4le hinweg durchsetzen: <strong>SAP GUI, Fiori, BTP, SaaS und Partnerzugriffe<\/strong>.<\/p><p>Diese Entwicklung macht deutlich, dass <strong>klassische On-Premise-Authentifizierung nicht mehr ausreicht<\/strong> und ein strategischer Wechsel notwendig wird. W\u00e4hrend Web-, Cloud- und SaaS-Anwendungen l\u00e4ngst problemlos an moderne Identity Provider angebunden werden k\u00f6nnen, bleibt das <strong>SAP GUI<\/strong> eine <strong>Sonderwelt<\/strong>: Das propriet\u00e4re SNC-Protokoll unterst\u00fctzt weder SAML noch OIDC, sondern ausschlie\u00dflich Kerberos oder X.509. Damit passt das GUI nicht nahtlos in Zero-Trust- oder Conditional-Access-Modelle \u2013 und genau diese L\u00fccke schlie\u00dft der SAP Secure Login Service (SLS).<\/p><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e65540f elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"e65540f\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Warum die Migration auf  Secure Login Service  (SLS) strategisch unvermeidbar ist<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-18f6b95 elementor-widget elementor-widget-text-editor\" data-id=\"18f6b95\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Der Secure Login Service (SLS) ist der einzige von SAP empfohlene Nachfolger f\u00fcr SAP SSO 3.0 \u2013 technisch notwendig, sicherheitstechnisch sinnvoll und strategisch unvermeidbar f\u00fcr Zero Trust.<strong><br \/><\/strong><br \/><strong>Viele Organisationen stehen heute nun an einem Punkt, an dem ihr bestehendes SSO-Setup technisch funktioniert \u2013 aber strategisch ausl\u00e4uft:<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-46123b3 elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"46123b3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-times\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Kerberos\/SPNEGO\u00a0ist\u00a0nicht\u00a0Zero-Trust-f\u00e4hig\u00a0(offline-Tickets,\u00a0keine\u00a0MFA)<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-times\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Der\u00a0Secure\u00a0Login\u00a0Server\u00a0(AS\u00a0Java)\u00a0wird\u00a02027\u00a0abgek\u00fcndigt<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-times\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Unterschiedliche\u00a0Authentifizierungswege\u00a0f\u00fcr\u00a0GUI,\u00a0Fiori\u00a0und\u00a0BTP\u00a0erh\u00f6hen\u00a0die\u00a0Komplexit\u00e4t<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-times\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Regulatorische Vorgaben fordern kontextbasierte, Cloud-f\u00e4hige Verfahren<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-times\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">On-Premise-SSO-Server\u00a0verursachen\u00a0unn\u00f6tige\u00a0Kosten\u00a0und\u00a0Betriebsaufwand<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-b7eaced e-con-full e-flex e-con e-child\" data-id=\"b7eaced\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-719943d elementor-widget elementor-widget-text-editor\" data-id=\"719943d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"color: #cd1316;\"><strong>Hinzu kommt:<\/strong><\/span>\u00a0Kerberos bleibt zwar ein bew\u00e4hrtes und stabiles Verfahren, doch es funktioniert ausschlie\u00dflich innerhalb einer AD-Dom\u00e4ne.<br \/>Moderne Anforderungen wie ger\u00e4tebasierte Sicherheit, kontextabh\u00e4ngige Policies oder dynamische MFA lassen sich damit nicht abbilden.<br \/>Genau hier beginnt die technische Grenze klassischer On-Premise-Authentifizierung.<\/p><p>Die Antwort liefert <strong>SAP Secure Login Service (SAP SLS) f\u00fcr SAP GUI<\/strong>\u00a0\u2013\u00a0der Cloud-basierte Nachfolger von SAP SSO 3.0 innerhalb der<a href=\"https:\/\/xiting.com\/de\/sap-knowledge\/identity-access-management\/cloud-identity-service\/\">\u00a0SAP\u00a0Cloud\u00a0Identity\u00a0Services<\/a>\u00a0(IAS\/IPS\/IdDS).\u00a0<\/p><p>SAP SLS\u00a0ersetzt\u00a0klassische\u00a0Kerberos-Tickets\u00a0durch\u00a0kurzlebige,\u00a0nicht\u00a0exportierbare<strong>\u00a0X.509-Zertifikate<\/strong>, die im SAP-Trust Center ausgestellt werden \u2013 gesteuert \u00fcber den Corporate Identity Provider (z. B. Microsoft Entra ID, Ping, Okta, etc.)<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-33dfc03 e-con-full e-flex e-con e-child\" data-id=\"33dfc03\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3f3ae52 elementor-icon-list--layout-inline elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"3f3ae52\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items elementor-inline-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-inline-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-arrow-right\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Die Migration zu SLS ist deshalb nicht einfach ein technisches Upgrade - sie markiert den \u00dcbergang von lokaler Netzwerk-Authentifizierung hin zu einem Cloud-basierten Zero-Trust-Modell, in dem Identit\u00e4t, Ger\u00e4t und Kontext dynamisch bewertet werden.<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6cd5893 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"6cd5893\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Wie SAP Secure Login Service (SLS)  funktioniert<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dff2e21 elementor-widget elementor-widget-text-editor\" data-id=\"dff2e21\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>SLS verbindet SAP GUI mit modernen Cloud-Identit\u00e4tsstandards. Zertifikate werden dynamisch ausgestellt, Richtlinien zentral durchgesetzt und Passw\u00f6rter vollst\u00e4ndig ersetzt.<\/p><p><strong>Der Ablauf ist elegant und technisch ausgereift:<\/strong><\/p><ol><li>Der Benutzer startet SAP GUI<\/li><li>Der Secure Login Client (SLC) authentifiziert den Nutzer \u00fcber IAS beim Corporate IDP (z. B. Entra ID)<\/li><li>Policies, MFA und Ger\u00e4tekonformit\u00e4t greifen &#8211; Zero Trust in Aktion<\/li><li>SLS stellt ein tempor\u00e4res, non-exportable X.509-Zertifikat aus<\/li><li>SAP GUI nutzt dieses Zertifikat \u00fcber SNC (CommonCryptoLib) f\u00fcr die verschl\u00fcsselte Anmeldung am ABAP-System<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-218aabb elementor-widget elementor-widget-image\" data-id=\"218aabb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"967\" height=\"475\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2026\/03\/authentication-flow-with-sap-secure-login-service.png\" class=\"attachment-full size-full wp-image-58940\" alt=\"Process of SAP Secure Login Service authentication with SAP GUI, Identity Authentication Service, the corporate identity provider, and the issuance of an X.509 certificate by the SAP Cloud CA.\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2026\/03\/authentication-flow-with-sap-secure-login-service.png 967w, https:\/\/xiting.com\/wp-content\/uploads\/2026\/03\/authentication-flow-with-sap-secure-login-service-300x147.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2026\/03\/authentication-flow-with-sap-secure-login-service-768x377.png 768w\" sizes=\"(max-width: 967px) 100vw, 967px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Abb. 1  Visualisierung des Authentifizierungsprozesses im SAP Secure Login Service (SLS)<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6d1a8b elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"a6d1a8b\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Typische Migrationspfade in Projekten<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a5b06f9 elementor-widget elementor-widget-text-editor\" data-id=\"a5b06f9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><p><strong>Der Wechsel von SAP SSO 3.0 oder reinen Kerberos-Setups zu SLS ist kein \u201ePlug &amp; Play\u201c, sondern ein strategisches Modernisierungsprojekt mit klaren Phasen:<\/strong><\/p><\/div><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-28a7317 e-grid e-con-full e-con e-child\" data-id=\"28a7317\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-94576ef elementor-widget elementor-widget-text-editor\" data-id=\"94576ef\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><strong>1. Analyse und Zielbild<br \/><\/strong><br \/>\u2022 Aufnahme der Ist-Landschaft (Kerberos, X.509, SAML, OIDC)<br \/>\u2022 Definition einer hybriden Auth-Strategie (Zero Trust, MFA, externe Partner)<br \/>\u2022 Bewertung von IAS-Tenant-Strategien und Namenskonventionen<br \/>\u2022 Bewertung der Auswirkungen auf bestehende Rollen- und Berechtigungsstrukturen<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-458bcbc elementor-widget elementor-widget-text-editor\" data-id=\"458bcbc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><strong>2. Architektur und Design<br \/><\/strong><br \/>\u2022 Aufbau der Trusts zwischen Entra ID \u2194 IAS \u2194 SAP-Systemen<br \/>\u2022 Definition der Claim-Matrix (UPN, E-Mail, UUID)<br \/>\u2022 Integration von IPS\/SCIM-Prozessen f\u00fcr persistente Identit\u00e4ten im IdDS<br \/>\u2022 Erarbeitung eines standardisierten Authentifizierungsmodells f\u00fcr alle Zugriffskan\u00e4le<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d256bfb elementor-widget elementor-widget-text-editor\" data-id=\"d256bfb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div style=\"padding-left: 40px;\"><strong><br \/>3. Proof of Concept (PoC)<br \/><\/strong><br \/>\u2022 Technische Tests mit realen Endger\u00e4ten<br \/>\u2022 Koexistenz von Kerberos und SLS<br \/>\u2022 \u00dcberpr\u00fcfung der http\/ICF-Services (SPNEGO \u2194 SAML Fallback)<br \/>\u2022 Validierung der Benutzererfahrung und der Auswirkungen auf den t\u00e4glichen Betrieb<\/div><div>\u00a0<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b26487b elementor-widget elementor-widget-text-editor\" data-id=\"b26487b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div style=\"padding-left: 40px;\"><strong><br \/>4. Pilot und Rollout<br \/><\/strong><br \/>\u2022 Rollout des SLC an Pilotgruppen<br \/>\u2022 Interne Kommunikation und Awareness-Kampagne<br \/>\u2022 Schrittweise Migration nach Systemlandschaften oder Regionen<br \/>\u2022 Begleitendes Monitoring zur Stabilisierung des Zielbetriebs<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-959c845 elementor-widget elementor-widget-text-editor\" data-id=\"959c845\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div>\u00a0<\/div><div style=\"padding-left: 40px;\"><p><strong>5. Decommissioning und Governance<\/strong><\/p><\/div><div style=\"padding-left: 40px;\">\u2022 Abschaltung des alten Secure Login Servers<br \/>\u2022 Konsolidierung der Authentifizierungsstrategie auf IAS\/Entra<br \/>\u2022 Monitoring, Rezertifizierung, Device-Compliance, SIEM-Integration<br \/>\u2022 Einf\u00fchrung langfristiger Betriebsmodelle und klarer Verantwortlichkeiten<\/div><div style=\"padding-left: 40px;\"><strong>\u2192 Mit diesem Vorgehen bleibt die Produktivit\u00e4t gesichert und die Transformation planbar<\/strong><\/div><div>\u00a0<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-64f308f elementor-align-center elementor-widget elementor-widget-button\" data-id=\"64f308f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/xiting.com\/de\/identity-access-management\/single-sign-on\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-angle-double-right\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Mehr \u00fcber Single Sign-On erfahren<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-598869c elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"598869c\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Best Practices und Lessons Learned aus Projekten<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-21324e3 elementor-widget elementor-widget-text-editor\" data-id=\"21324e3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><br \/>Ein zentraler <strong>Erfolgsfaktor in SLS-Projekten<\/strong> ist ein <strong>geplanter Parallelbetrieb<\/strong> von SAP SSO 3.0 und dem Secure Login Service. Beide Verfahren sollten f\u00fcr eine \u00dcbergangszeit koexistieren, um Stabilit\u00e4t sicherzustellen und unterschiedliche Nutzungsszenarien unter realen Bedingungen zu erproben.<\/p><p>Ebenso wichtig ist die <strong>Persistenz der Benutzer im Identity Directory Service<\/strong>, da nur Benutzer mit UUID vollst\u00e4ndig von modernen SAP-Cloud-Services profitieren k\u00f6nnen.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f4d98c9 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"f4d98c9\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">In Projekten hat sich gezeigt, dass insbesondere folgende Aspekte fr\u00fchzeitig betrachtet werden sollten:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e3f0f10 elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"e3f0f10\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-check-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Claim-Design &amp; Namenskonventionen (UPN vs. E-Mail vs. UUID)<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-check-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Laufzeiten &amp; Erneuerungslogik tempor\u00e4rer Zertifikate<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-check-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Fallback-Mechanismen zwischen SPNEGO und SAML im HTTP-Stack<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-check-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Koexistenz von Kerberos und SLS zur Risikoreduktion und Gew\u00f6hnung der Anwender<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c3a1e61 elementor-widget elementor-widget-text-editor\" data-id=\"c3a1e61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><div class=\"ewa-rteLine\"><p><strong>Auch das zugrunde liegende Sicherheitsmodell spielt eine entscheidende Rolle:<br \/><\/strong><br \/>Zero Trust umfasst weit mehr als MFA und erfordert eine konsequente Bewertung von Kontext, Device Trust und Conditional Access. Schlie\u00dflich h\u00e4ngt die Akzeptanz der Nutzer ma\u00dfgeblich davon ab, wie gut die IT die Hintergr\u00fcnde und Ziele der Ver\u00e4nderung kommuniziert.<\/p><\/div><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-224d8f8 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"224d8f8\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Architektur im \u00dcberblick<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9bc52bc elementor-widget elementor-widget-text-editor\" data-id=\"9bc52bc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Die Architektur des Secure Login Service basiert auf klar getrennten Rollen zwischen Identit\u00e4tsquelle, Policy-Layer und Zertifikatsausgabe. Dadurch entsteht ein einheitliches, Cloud-f\u00e4higes Authentifizierungsmodell, das ohne lokale Server auskommt und langfristige Zukunftssicherheit bietet.<\/p><p>Im Zentrum der Architektur steht der <strong>Identity Authentication Service,<\/strong> der als Broker und Policy-Enforcer fungiert und s\u00e4mtliche Authentifizierungsfl\u00fcsse steuert. Der Identity Directory Service gew\u00e4hrleistet die persistente Verwaltung der Benutzeridentit\u00e4ten, einschlie\u00dflich UUID beziehungsweise Global User ID.<\/p><p>F\u00fcr Provisionierung und Lifecycle-Prozesse kommt der<strong><a href=\"https:\/\/xiting.com\/de\/sap-knowledge\/identity-access-management\/ips\/\"> Identity Provisioning Service (IPS)<\/a><\/strong> mit SCIM zum Einsatz, wodurch Identit\u00e4ten konsistent \u00fcber angebundene Systeme hinweg gepflegt werden. Der Secure Login Service stellt tempor\u00e4re, nicht exportierbare Zertifikate f\u00fcr SAP GUI bereit, w\u00e4hrend der Secure Login Client als Komponente auf den Endger\u00e4ten f\u00fcr den sicheren Zugriff verantwortlich ist. Als f\u00fchrender Corporate Identity Provider dient in vielen Unternehmen Microsoft Entra ID, kann jedoch je nach Umgebung durch andere IDPs ersetzt werden.<\/p><p>Diese Architektur erm\u00f6glicht eine <strong>einheitliche Authentifizierung<\/strong> \u00fcber alle Zugriffskan\u00e4le hinweg, unterst\u00fctzt zentrale MFA- und Richtliniensteuerung und bietet konsistentes Logging in einer vollst\u00e4ndig Cloud-basierten Betriebsform \u2013 ohne lokale Server und ohne Java-Stack. Die klare funktionale Trennung zwischen Identit\u00e4tsquelle, Policy-Schicht und Zertifikatsausgabe sorgt zus\u00e4tzlich f\u00fcr langfristige Stabilit\u00e4t und Zukunftssicherheit.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-57f9bfc elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"57f9bfc\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Lizenzierung und Kostenrahmen<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dde6a70 elementor-widget elementor-widget-text-editor\" data-id=\"dde6a70\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Die Lizenzierung des<strong> Secure Login Service erfolgt \u00fcber die SAP BTP im Subscription-Modell<\/strong>. Die Kostenstruktur ist klar definiert und enth\u00e4lt bereits die zentralen Identity-Services, wodurch der operative Aufwand erheblich reduziert wird. Die Abrechnung erfolgt auf Basis von <strong>Benutzerbl\u00f6cken<\/strong> und beinhaltet alle notwendigen Komponenten f\u00fcr Betrieb und Wartung des Secure Login Service.<\/p><p><strong>Die wichtigsten Eckpunkte:<br \/><\/strong><\/p><ul><li>Subscription \u00fcber die SAP Business Technology Platform<\/li><li>Abrechnung in Bl\u00f6cken zu jeweils 500 Nutzern (circa 5.400 Euro pro Jahr)<\/li><li>IAS, IPS und IdDS sind im Paket enthalten<\/li><li>Keine lokalen Server und keine zus\u00e4tzlichen Wartungsaufw\u00e4nde<\/li><li>Lizenzierung erfolgt \u00fcber den zust\u00e4ndigen SAP Account Executive<\/li><\/ul><p>Der eigentliche wirtschaftliche Vorteil entsteht jedoch durch die <strong>Reduktion von Passwort-Resets, Helpdesk-Anfragen und Auditaufw\u00e4nden<\/strong>. Viele Unternehmen verzeichnen bereits nach kurzer Zeit deutliche Einsparungen im laufenden Betrieb.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-268b0c8 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"268b0c8\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Xiting als Partner f\u00fcr die Einf\u00fchrung des SAP Secure Login Service (SLS)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9f4b337 elementor-widget elementor-widget-text-editor\" data-id=\"9f4b337\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Die Einf\u00fchrung des Secure Login Service ist ein strategisches Modernisierungsprojekt, das technische Expertise und ein <strong>klares Verst\u00e4ndnis f\u00fcr Zero-Trust-Architekturen<\/strong> erfordert. Xiting begleitet Unternehmen \u00fcber den gesamten Prozess hinweg \u2013 von der Analyse bis zum stabilen Zielbetrieb.<br \/>Der Wechsel von SAP SSO 3.0 oder Kerberos zum Secure Login Service ist weit mehr als ein technisches Upgrade. Er betrifft <strong>Identit\u00e4tsarchitektur, Governance, Prozesse <\/strong>und <strong>Sicherheitsrichtlinien.<\/strong> Xiting unterst\u00fctzt diesen Weg durch ein strukturiertes Vorgehen und langj\u00e4hrige Projekterfahrung. <br \/><br \/><strong>Zu unseren Leistungen geh\u00f6ren:<\/strong><\/p><ul><li>Workshops und Assessments zur Analyse der bestehenden Authentifizierungslandschaft<\/li><li>Aufbau von Proof-of-Concept-Umgebungen und Pilotierungen inklusive Parallelbetrieb<\/li><li>Unterst\u00fctzung im Rollout und in der Hypercare-Phase<\/li><li>Schulung und Enablement interner Teams<\/li><\/ul><p><strong>Wir beraten unabh\u00e4ngig und ohne Lizenzinteressen.<\/strong> Unsere Erfahrung aus zahlreichen SSO- und SLS-Projekten bildet die Grundlage f\u00fcr stabile, zukunftsf\u00e4hige und sicherheitsorientierte Architekturen. Unser Schwerpunkt liegt auf<strong> Governance, Betriebssicherheit<\/strong> und <strong>nachhaltigen IAM-Strukturen<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-92a7d5e elementor-widget elementor-widget-testimonial\" data-id=\"92a7d5e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"testimonial.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-testimonial-wrapper\">\n\t\t\t\t\t\t\t<div class=\"elementor-testimonial-content\"><p>\u201eAls wir 2010 begonnen haben, Kerberos und SNC auszurollen, war das ein Meilenstein \u2013 aber die Anforderungen an Authentifizierung haben sich massiv ver\u00e4ndert. Heute brauchen wir flexible, kontextabh\u00e4ngige Signale, MFA und Ger\u00e4tevertrauen. <br \/>Genau deshalb ist SLS der notwendige n\u00e4chste Schritt.\u201c <\/p>\n<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-testimonial-meta elementor-has-image elementor-testimonial-image-position-aside\">\n\t\t\t\t<div class=\"elementor-testimonial-meta-inner\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"elementor-testimonial-image\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"2560\" height=\"2560\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/01\/xitingcarsten-olt.jpg\" class=\"attachment-full size-full wp-image-7415\" alt=\"\" \/>\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t<div class=\"elementor-testimonial-details\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"elementor-testimonial-name\">Carsten Olt<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"elementor-testimonial-job\">IAM-Experte bei Xiting<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b9e656b elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"b9e656b\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Fazit<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d74bdfe elementor-widget elementor-widget-text-editor\" data-id=\"d74bdfe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Der Wechsel zu SAP Secure Login Service ist <strong>unvermeidbar<\/strong> \u2013 doch er ist viel mehr als eine Pflichtaufgabe. Er ist die Chance, Ihre <strong>gesamte SAP-Authentifizierung zu modernisieren<\/strong>, Zero-Trust-Prinzipien zu verankern und eine Br\u00fccke zwischen klassischer On-Prem-Welt und moderner Cloud-Identit\u00e4t zu schlagen.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a5db12 elementor-widget elementor-widget-text-editor\" data-id=\"4a5db12\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Ihre Vorteile mit SAP Secure Login Service (SLS) auf einen Blick:<\/strong><\/p><ul><li>einheitliche Authentifizierung \u00fcber GUI, Fiori, BTP<\/li><li>MFA &amp; Conditional Access auch f\u00fcr SAP GUI<\/li><li>keine Java-Stacks, keine lokale SSO-Infrastruktur<\/li><li>starke Auditf\u00e4higkeit (SIEM, zentraler Broker)<\/li><li>Reduktion von Passwort-Risiken &amp; Supportkosten<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e427848 elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"e427848\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-arrow-right\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Wer jetzt handelt, profitiert doppelt: Durch fr\u00fche Erfahrung, geringeren Druck und eine klare Sicherheitsstrategie f\u00fcr die Zukunft. Der Umstieg schafft eine langfristig tragf\u00e4hige Basis f\u00fcr SAP-Landschaften jeder Gr\u00f6\u00dfe.<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d7cd0a9 e-con-full e-flex e-con e-child\" data-id=\"d7cd0a9\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-67135b6 e-con-full e-flex e-con e-child\" data-id=\"67135b6\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ef6624d elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"ef6624d\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Weitere Informationen k\u00f6nnen Sie unter anderem in unserer Security Wednesday Reihe erfahren:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b79b6a5 elementor-widget__width-initial elementor-widget elementor-widget-html\" data-id=\"b79b6a5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<script src=\"https:\/\/fast.wistia.com\/player.js\" async><\/script><script src=\"https:\/\/fast.wistia.com\/embed\/fe2p0fycfg.js\" async type=\"module\"><\/script><style>wistia-player[media-id='fe2p0fycfg']:not(:defined) { background: center \/ contain no-repeat url('https:\/\/fast.wistia.com\/embed\/medias\/fe2p0fycfg\/swatch'); display: block; filter: blur(5px); padding-top:56.25%; }<\/style> <wistia-player media-id=\"fe2p0fycfg\" aspect=\"1.7777777777777777\"><div class=\"wistia_preload_transcript_outer_wrapper\" style=\"width: 100%; height: 100%; display:flex; justify-content:center; align-items: center; margin-top:-56.25%;\"><div class=\"wistia_preload_transcript_inner_wrapper\" style=\" overflow: auto;\"><p class=\"wistia_preload_transcript_text\" aria-hidden=\"true\" tabindex=\"-1\" style=\"text-align: justify; font-size: 5px !important;\">Welcome, everyone. We'll give it just another thirty seconds here before I start. Thank you for taking the time to join. We'll get started momentarily. Wait until the clock hits noon. Awesome. Let's go ahead and get started. It is noon, so I wanna be respectful of everyone's time here today. And with that, my name is Alex Manning. I am the managing consultant for the Americas division here at Exciting, and I will be the moderator for today's webinar session. Prior to getting into the topic today, I'd like to set some ground rules for the webinar. For today's webinar, all of the participants' microphones and webcams will be disabled due to the platform settings. If you have any questions during the session today, please submit them via the chat. We will do our best to address as many questions as possible at the end of the presentation. If we run out of time today, Carson will follow-up as soon as possible after the webinar and provide responses to the group. For the webinar series at Exciting, we are providing a five part webinar series. This is part three of that series. The webinar series is themed around March Madness. We're calling the series Security Madness. For those of you that may be unfamiliar with March Madness, March Madness is a college basketball tournament that occurs in March in the US, and it's one of the most exciting exporting events that occurs in March. Typically, this is due to the fact that this is a single elimination format tournament. And so with a single elimination format, this leads to a lot of, upsets. It leads to a lot of Cinderella stories and dramatic finishes, if you will. So it's a very entertaining event in March, and so we wanted to try and relate SAP security and some of the topics in that space to this event that's occurring in March. And so for security madness, and for the webinar series, even though March may be all about basketball, here at Exciting, we know where the real madness happens, and that's in cybersecurity and in SAP security. And just like in March Madness tournament, where the underdogs arise, defenses get tested, and the unexpected happens, security is a game of constant strategy, agility, and risk management. In this March Madness inspired webinar series, we'll take you through the biggest threats, the best defenses, and smart plays to keep your system secure. Because in the world of cybersecurity, every access point is a potential fast break, every vulnerability is a full court press, and bad actors are always looking for their buzzer beater moments. Join us as we break down the bracket of threats, build a winning security strategy, and help you really slam dunk your security goals this March. For today's webinar, we'll be looking at and focusing on the future of SAP SSO in the cloud era. And as SAP continues its fast break toward the cloud, the game of authentication and single sign on is rapidly evolving. Just like in March Madness where teams must adapt to new challenges and play styles, businesses today face the task of securely integrating both on premise applications and SAP cloud services without slowing down operations or leaving vulnerabilities exposed. To stay in the game, organizations need to be agile, flexible, and future proof authentication strategies, one that protects access, eliminates unnecessary friction, and ensures a seamless transition from legacy systems. This is where SAP Cloud Identification Services and SAP Secure Logon Service for SAP GUI come into play, acting as your MVP, if you will, for secure authentication in a hybrid SAP landscape. So how do you build a winning authentication strategy without getting stuck in the past? Well today to break that down for us, we have our expert on the call in SSO, Carson Ault. He is the head of the IAM division here at Exciting with over fifteen years of experience as it relates to SAP SSO. And so Carson is going to coach us through the best plays, sharing practical insights on how to run a smooth transition, eliminate weak points, and really secure your SAP environment like a championship team. And so with that, let's get ready to level up your SSO SSO game, and I'll hand over the presentation to Carson. Carson, the stage is yours. Great. Thank you, Alex. Thanks for the handover. And then all has been said. So introduction has done as well. That's great. So I'm Carsten. I'm relocated here at Exciting in Germany. Yeah. And I'll I'll also like to welcome you to this, third game in our security madness series. This time about authentication and single sign on in hybrid landscapes and how a future proof single sign on looks like today. So I've been working with single sign on since many years now. Did a lot of project in that space. And, yeah, to do to be honest, it's still my one of my favorite topics because it's highly technical. It also extends beyond, SAP. So it involves a lot of different stakeholders in such projects, like people from from SAP, people from IT, you have architects, you have networking people, you have Microsoft is involved. You see, security responsible. And that's always something new you can learn from that from that kind of projects across these different areas in an organization. And I I want also to stay up to date when it comes to the latest technologies. Yeah. That's very important and to make such projects very interesting. With that being said, let's take a look at today's agenda. Yeah. We all know that, as Alex said, SAP is moving towards cloud very fast. And also with that, authentication has evolved over the past years. And, that means a lot of customers, SAP customers, still use their sub GUI and, yeah, it's still around. But together with Fiori, with modern applications, increasing use of browser based applications like BTP services, and also soft as a service applications. And the challenge there is that you need kind of a holistic authentication in single sign on strategy and one that aligns also with the modern enterprise security requirements. And that's what we talk about today. So first of all, I'd like to cover some essential basics. I want to talk about what does, single side on really mean. So why is the first authentication step no longer controlled by SAP? So we will introduce the concept of primary authentication and also downstream authentication, and we will discuss multi factor authentication and potential risks with MFA. In the second step, we talk about what matters in modern enterprises. So, you know, we have a lot of cloud joint clients nowadays. We have virtual desktop infrastructure. We have managed devices. There's a zero trust approach anywhere, and you have a lot of new cloud based tools, identity providers that have to be integrated. So what's really a key requirement for modern workplaces today? The third chapter we talk about considerations for the implementation, but also challenges and lessons learned. So what are key requirements when it comes to implementing single sign on? And in chapter four, then it gets interesting, then we look at the single sign on solution, how they have evolved over the time, so how to achieve a seamless and secure authentication across GUI BGP software as a service applications using the SAP secure login service for SAP GUI and the SAP Cloud Identity Services. So these two services, from SAP, that's the main topic in this presentation. We talk about them. We talk about components, features. We take a look in the authentication flows as well, and then we wrap it up with an overview how it fit all together. I also provide some resources, some takeaways for that, and some links to some interesting blog articles. And then at the end, we have a Q and A session. So during the webinar, feel free to post your questions, in the chat. And maybe you have something in mind throughout the session. And we if we can't answer anything today, we can, of course, follow-up those questions afterward. Alright. So hope that's makes sense for you, and then let's start with the session and with some, introduction and and basics around around single sign on. I mean, we all know this. Imagine you start your workday, you log in to your computer, you authenticate with a password, maybe with an app, but then you sign in using sub GUI, You connect to your VPN. You access various cloud based applications, and each of those are requiring multiple authentication steps. And we also know the frustration of constantly having to log in into those systems of frequently changing the passwords. But one thing is really clear: we need to move away from password logins from these endless login screens. Makes work harder. It makes no fun at all and also introduces significant security risks. So these kind of legacy authentication models where each application manages authentication separately, manages credentials separately is no longer a modern way of authentication. It's outdated period. So we need to come up with a solution that works for both on premises cloud solutions in parallel and that's the topic for today. Today authentication has to be considered on an enterprise wide level. So whenever we talk today about SAP Single Sign On it's no longer just an SAP project. Because the system that technically really verify a user's identity, that's where the user has to authenticate once, is no longer an SAP system in the most cases. And I'll explain that in a moment what I mean by that, but for now let's make one thing clear. Single Sign On is more than just a password free login. There's a lot of, stuff behind the scenes. Yeah. Furthermore, authentication has evolved dramatically over the past decades, along, of course, with infrastructure, with security requirements, with modern applications that came up. A lot of stuff happened. A lot of authentication standards have been established throughout the years. And so today, yeah, securing GUI Fiori browser based cloud applications within a hybrid landscape is super critical. So single sign on is then the key to achieve both a secure authentication mechanism and also a seamless user experience. And that's if we break that down, let's say, for from a simple point of view, from from an end user perspective, at the end today we really have a sub GUI. Yeah. I know we all have a lot of SAP attendees today, so still you know what an SAP GUI is, and, I guess you use it every day. And we have a browser, and that's mainly it. Maybe we have some mobile devices that we use to access our applications, but if you break it down on a simple few, we use a GUI, we use a browser, we connect to our applications that are either running any brand somewhere, data center hosted whatever, or in the cloud. And we need to come up with a simple solution that covers, let's say, these basic application accesses and these protocols as well. So we come back to that picture at the end again and take a look how it looks like when we use a single sign on in this case. But for now, let's first talk a little bit about password related risks and also benefits that single sign on can bring. I think it's well known that over eighty percent of all hacking related breaches, today are caused by stolen credentials, by weak passwords. So there's a lot of crap happening when it comes to social engineering, when it comes to phishing. You know, you read it all the day. So why are we still relying on so many passwords when there are already better authentication methods available? So single sign on is the solution, and with that we can deactivate, we can remove, we can get rid of passwords. And from an SAP perspective, in the best case, we no longer have even a password as a user. And that also removes, the need for the user to manage, to remember, to to to somehow handle all these different kind of login credentials. And that solves some key challenges, and it brings a lot of benefits. Like, for example, it eliminates time consuming logins. It allows the SAP end user, but also the admins. That's a very important point. Privileged accounts, for example, no longer they need to remember multiple passwords. No longer they have to type it in, in a worst case without even using encryption. So we have a centralized credential management because login happens at a central location, which can be protected in a better way compared to many SAP systems. There's no need for introducing complex reset processes or even additional tools that help us to somehow reset our passwords. And also, single sign on improves compliance with audit with IT security requirements and, of course, allows us to use or make use of multi factor and strong authentication. So that's the idea of future authentication that is passwordless. It is using single sign on for almost any application, and we can make that future a reality for SAP hybrid environments by, yeah, digging into the already existing products and how they can work together and help you as a customer to, yeah, make use of it. But before we just, yeah, take a moment to understand the authentication flow with single sign on for those who are not dealing with that topic every day. This slide will keep it very simple. Yeah. If you want to dive deeper, feel free to reach out and check out our blogs. They dive into all the nice details, about how single sign on really works. But for now, there's something that it's called the primary authentication. So the idea of that is a user that wants to access any kind of an SAP application, normally ends up at the application server or the cloud application, whatever. You want to open a GUI, want to access to a Fiori launchpad or maybe a a kind of a cloud based application. And the idea of single sign on is that now the target application is using single sign on and has no idea who the user is at this stage. So it just tells the user I'm using single sign on, outsourcing the job of authentication is no longer my responsibility. Here, you have to go to the identity provider. Technically, that is a redirect using browser technology. So the user is now sent to another entity, And that is called, there's a term for that, the IDP, the identity provider. Yeah? So the initial authentication no longer happens within the SAP application. It is handled centrally by the IdP and that often is a non SAP component. And at this stage, it is crucial to recognize that the primary authentication is super critical because it's the only one authentication that verifies our identity. So just relying on credentials, username, password, would be no longer enough to secure or to ensure our security. So to in this case, to strengthen our primary authentication against the IDP, we also need to introduce additional factors of authentication, additional protection, and this is where multi factor authentication comes into play. It provides multiple layers. For example, we can have something that we know that's typically the first factor, username and password, but then we can introduce a second factor, For example, something that we have could be an authenticator app or a hardware token that we need to use in order to authenticate, but it can be also a third factor or a different kind of second factor. For example, a biometric like a fingerprint reader like Windows halo. Yeah. Stuff like that in combination, at least two factors. But there's more nowadays. So nowadays it's possible to not only perform multi factor authentication. So the the the idea is to check not just the user's identity, but also the authentication context. So the the information, the identity signals, the device integrity. Maybe there are lots of different policies like MDM policies that you want to check for company managed device and so on. So there's a lot of stuff possible and much better than any SAP component could do nowadays. Yeah. Because, you know, all these Microsoft tools or maybe other vendors like Okta, Ping Identity, they have focused on secure authentication. They know what to do, and and that's why the authentication should be handled by an external entity in a secure way. Okay? So now that we know we have authenticated there, we have verified our identity, maybe device as well, The IDP responds with an so called token. That's the idea that exchanges our login, our identity against the single sign on token, and that now this will will be sent to the user. So the user now gets his token to access maybe the Sudbury, the Fiori launchpad, or any kind of SAP cloud application. It forwards this token to the application, and the application then will, of course, need to check the token. So it's protected cryptographically. It has been validated. There must be checked if there's a trust between the identity provider and the SAP application. And then, of course, this token contains something to identify the user. That is the identifier that is often can be the user principal name, the email address, an employee ID, whatever. That helps to map that token to a technical user, to an application user in the SAP system, and then the user is logged in under this account and the session can start. That's how let's say primary authentication and then the downstream token based single sign on towards SAP really works, and that's doesn't matter if the application is running on prem or running in the cloud. Yeah. And the cool thing is that it's no longer matters if you use dialogue RFC like using the GUI or if you use a browser based application. It's all handled in the same way and that's really the game changer. So summarize that, we use no longer passwords. We use token based authentication instead of credentials. We no longer build own authentication. We delegate to the IDP. So SAP has no longer responded before authentication. We support with that modern Waze. We support zero trusts. We can perform device checks. We can integrate with third party solutions like maybe an Entra ID. We can make use of Intune of conditional access policies for all these nice MFA solutions or FIDO tokens. And, of course, everything is running smooth, is running in an encrypted way, using transport layer security and with strong cryptographic algorithms. But that's the idea of having a real secure holistic single sign on nowadays. In summary, primary authentication always step one. Very important. We have to protect the identity. It's not enough to just use username password. In the best case, we should use a password less authentication for this first step. And then as one as soon as we have the access token, the single sign on token, it's always considered as a downstream authentication. That is where single sign on really happens. Okay? That's a summary. So we can, using single sign on, provide access to all applications with a single login. And then applications no longer authenticate. They just verify the user's token, checking the integrity, authenticity, and so on. And everything is based on on the trust that you, of course, need to configure during the initial setup, but it's also no longer a rocket science to to set it set this kind of stuff up. Yeah. And, as we talked about the second factor, many companies believe that having MFA means they are secure, but, not all MFA methods are offering the same level of protection. For example, short message service based as MFA or SMS based MFA still widely used. I I know it by myself. Often, I work with customers, for customers, and they will be onboarding, and I just receive kind of an SMS as a second factor. I mean, you could use that, but it comes with serious risks nowadays. So hackers can intercept SMS using something called IMSI catchers that act like a kind of fake mobile tower with a stronger signal where your mobile device connects to, and then they can intercept and forward your your SMS without any issues. Yeah. They keep there are other tricks like SIM swapping and and so on. But at the end, SMS is one of the weakest authentication methods nowadays and should no longer be used. Yeah. We take a look at applications like, for example, Microsoft Authenticator, Google Authenticator, they are definitely better than compared with SMS. But are they a hundred percent safe? Answer is no. They they are not. Because even with OTP based access with one time passwords or push notifications that we most of us use nowadays, it is possible to steal credentials, via phishing attacks. So, for example, often we find ourselves in insecure public Wi Fis or, yeah, networks that we don't know, and there are a lot of bad actors that are using tools, man in the middle attacks, and proxies such as evil jinx. It's one of the worst hacking frameworks available, that allows us to steal the token. So, for example, hacker creates a fake login page that looks exactly like your Microsoft login screen, and there you enter your login credentials, your MFA, because it's forwarded to the real entity behind. You think it's real, and Evilginx just steals your access token. The the result of the proper authentication runs through the Evilginx as kind of a pass through proxy. So now the hacker has your access token and can log in without your username and password, without your MFA. As long as the token is valid, the hacker can, yeah, use your account. And since such session tokens can remain valid for hours, for even days, yeah, attackers can maintain access even after you have resetted your, maybe, your MFA process. I mean, of course, there are ways to mitigate these risks. We also use that here at exciting. So, we use conditional access. We use device based authentication. That means we can restrict logins only to trusted devices. That is first of all a very good measurement and the second is we can enable token expiration and re authentication policies. So we can reduce the validity period and we can enforce frequent authentication or re authentication. And that helps to protect. So that's still a good solution, but the most secure solution out there nowadays is really FIDO2 standard. So the passwordless authentication method that are using security keys or biometrics, like, for example, embedded in your devices. Yeah. Windows halo is one of them or even touch ID on the on the Macs. And unlike passwords or MFA or, stuff like that, FIDO must verify the real website. So it's the DNS name is embedded in the authentication process that makes phishing and that makes replay attacks impossible. So if you really want to, yeah, want to be secure and move beyond passwords, you should go for FIDO two authentication. Yeah. You should think about using FIDO two. That, of course, is supported either from your IDP side. Maybe Microsoft Entra ID supports that, but also the SAP solutions support FIDO two web authentication. I'm not talking here about any kind of hardware. Not we are not dealing with that, but it's just to let you know about a little bit more about background about these MFA technologies that are existing today in in the wide. Yeah. Alright. Short introduction about the topic in general. Now we know primary authentication, a little bit about tokens, and now let's take a look in what's changed and what organizations are really need today. So from our experience, many organizations, shifting towards centrally managed devices, stronger identity controls, as we talked before, to enhance security. So the traditional network as we know it, the boundaries of the network security model is being replaced by zero trust where identity signals, where device security matters more than just the network isolation or the Windows login. Yeah. So many companies no longer operate within a traditional perimeter where everything is neatly contained in an active directory domain like it was a decade back. Instead, authentication needs to adapt. Yeah. That's also, for example, when it comes to Kerberos authentication. Many of us or of our customers are using Kerberos authentication. It's still a good and a valid way to to to use single sign on. But these domains, these traditional Active Directory domains, they are fading more and more. You know, we see many companies that are moving to cloud only joint devices, workstations, and it marks the end of Kerberos because it's no longer there in the cloud. Azure or Android, there is no Kerberos anymore. And the shift from AD to Android also to a modern identity strategy is essential. So organizations need single sign on, they need multi factor authentication, but they also need policies like conditional access Intune talked about before. So EntraID often, at least at many of our customers, is seen as the central hub for managing user identities for device security in the cloud era. And, yeah, at the heart of all these SAP future authentication strategy is, of course, the SAP cloud identity services. It's a free foundational service, for modern single sign on. I will talk in a while about this service in more details, but, for now, just need to know that we can combine the sub GUI together with, yeah, browser based application, with cloud based application in, yeah, one way. That allows us to really, yeah, face the challenge of traditional legacy environments and combine it with modern authentication. However, we don't need to forget the traditional SAP GUI. SAPGUI is still there. It will be around for quite a while. So, we need to come up with a solution that also considers the SAPGUI. And it's a very old information you all know that, I hope so, that in the standards the dialogue, the direct protocol, and the remote function call the RFC is insecure. So it's a ASCII protocol. It's not protected on the network level. It is easy to steal credentials, to steal, information about the whole payload if you intercept the connection, if you listen to the tap, if you it's it's exposing by passwords by eavesdropping, for example. So you can say that if you log in without having any kind of security using the sub GUI, your password is sent like post postcard via the network, and anyone who is able to listen to the traffic, if it is wireless or wired, doesn't matter, can get in possession of your information like your username and password that you use to log in. So when we protect this channel using secure network communication, SNC, we can tunnel dialogue RFC in a secure way, and only then we can also allow to use token based downstream authentication, having a certificate or tokens like a Kavros token towards SAP. And we don't have to forget the GUI. That's the main point. So because all the other modern technologies are already covered with the cloud identity services. Okay. Before we take a look at the s SAP solution, I'd like to just cover some fundamentals, some project requirements, some challenges that we learned during our projects. I make it short. You can read all this or watch the recording later on anytime. That's a lot to read here. So first of all, SAP systems today are central to IT infrastructure. So they must be really secured holistically, and that means that the era of isolated approaches like silos is over it should be over, and SAP security has to be fully integrated into a enterprise wide security strategy. That's not so easy as it is said because still we have some CIOs, some IT guys that just have a look on, yeah, networking, traditional Microsoft stuff. But when it comes to SAP, they're often completely, yeah, clueless. And the challenge is raising awareness with the right stakeholders to have the c level support for such projects. Yeah. To to to, yeah, consider them to we need to enforce end to end encryption. We need to secure this hybrid SAP environments in the same way as we do for other enterprise applications. We need to shift from passwords to token based approach. That's crucial. Yeah. Because, you know, all these credential, theft, all these risks related to that, we can overcome those. And while I already told you that Kerberos is often in use, there are modern authentication methods like SAM, like OpenID Connect that allows a very much, or greater flexibility when it comes to authenticate the user. So there are zero trust models that demand stronger identity and device verification. MFA is absolutely essential. So there's a lot of stuff to consider. When it comes to end to end encryption, of course, it makes sense to start with that. So RFC dialogue, HTTP, everything has to be encrypted. Also, authentication has to be enforced at the communication level. That means also we have to consider in such projects reverse proxies, web dispatchers, kind of additional tools, VPNs. We also have to secure external access. We have to handle maybe also guests and partners, not only b two p b two p users or employees. So a lot of topics come together when you really take care of a holistic single sign on approach in in that space. And lastly, of course, the SAP common cryptographic library. It's the the the yeah, crypto library on the SAP back end side that still is required on your traditional ABAP, Netweaver, or S4HANA systems. That requires frequent updates beyond the standard patch cycle. That means we had some recent vulnerabilities that really highlighted the the need for continuous patching to prevent such security breaches. So all the keeping cipher suites updated and so on is really essential for for hardened operations of that. So it's an ongoing project. It's not just install and forget. Yeah. It's always you have to clean up after introducing signals and on. You have to get rid of passwords. You have to disable old legacy methods like some log on tickets, and then you have to also stay clean and regularly check if yeah. Check your check your environment and and, make sure you can stay stay clean in that that setup. Okay. Now let's take a look at the evolution from past to present. And, yeah, if we talk about the present, we have to talk about the BTP, as you can imagine. So it is always SAP sees the business technology platform and the portfolio around as the core. And one of the suit qualities, as we can see here, is a consistent security and identity management. And if we take a look at the CIO guide from SAP that you or some of you may be familiar with, there is one document that's called CIO guide about identity and access management. It's a very nice resource, by the way, for decision makers, for architects, for c level responsible. And there, you will find lots of information about the approach of SAP to standardize, authentication and identity management and using the cloud identity services, of course, which is a game changer as it now allows, yeah, subauthentication to fully align with a corporate IT policy just like it is for any other enterprise application. And that ensures a seamless login, secure access to GUI, to Fiori, to cloud based applications, and, of course, it simplifies the identity management or identity access management in the overall point of view. I know single sign on authentication is one part of a IAM, and I will talk about the identity services now in a minute. So really can recommend to take a look here in this CIO guide because it really underscores the importance of standardization, for I'm processes and and centralization of authentication as well. So I decided to use a different picture now, and compared with the one that we already are using all the time. So this one is from SAP. It's a very, very, current one, updated one. If you take a look here, you can see that the cloud identity services in general, let's start this way, is a group of BTP of Business Technology Platform services that allows you to integrate identity and access management between systems. So we have your applications here that is doesn't matter if this is cloud or on premise. Mainly we talk about SAP applications in the BTP, software as a service applications, or any prem. Yeah? And then we have four main services when it comes to the cloud identity services. The first one is the identity authentication service. That one is responsible for authentication and single sign on as the name implies. That's also called IAS. In contrast, the IPS or the identity provisioning service, that's the one who manages the identity life cycle, so including users and groups. You know, these are these SCIM based operations where you create, change, delete, update your user information throughout your application ecosystem. We have the identity directory that is more or less a central place for storing and managing users, groups, and nowadays also authorizations. And then there's a very new service that's called the AMS or authorization management service that's still in the works, I would say, that enables administrators to refine authorization policies or attribute based authorization policies for and that's mainly that's important for BTP based applications, so for CAP applications, but also for for the, secure, accessing the the the Cloud Identity Services administration console. So you can better refine access controls within the application, of the Cloud Identity Services. So it's a service that's integrated, that's bundled with many solutions from from SAP, that's pre configured very often. So you receive this at no cost, at no additional cost. So for example, it comes with success factors, or it is free if you are already a BTP customer. So as soon as you have your contract, your global account, let's say, with SAP, you are allowed to use two tenants of this Cloud Identity services with no additional cost. And you can connect any cloud application from SAP and any on premise application from SAP there to manage your identity life cycle and to manage your authentication, and that's a good point. Yeah? So it is really it's essential in the overall setup. It is seen as a backbone for an IAM architecture. Yeah? SAP solutions integrate with that tool. For example, when it comes to authentication, IAS can integrate with an existing identity provider. So you no not have to authenticate here. You just forward your federate again to your Microsoft or to your whatever kind of third party solution you may have. Also, the user information is directly read from the central user store, from the identity directory service, or you can integrate an existing user store using the SCIM protocol, because this identity directory is also an API. You can connect to it using the SCIM API, and you can provision information from any kind of third party system to that system. So cloud identity service has a lot of functionalities, IAM functionalities built in, I have to say. But it's important to understand that are not that they are not aiming to replace a full featured identity and access management tool. That's not possible because many customers use that as a broker. Let's say they appreciate that identity services can be easily integrated. They they can use an identity provider. They can connect with an IAM tool of choice, and it reduces the efforts to manage and configure each single application manually or to even develop custom connectors when it comes to I'm to provision kind of cloud systems. Systems. Yeah? Managing all these JSON data transformations for each system. That's the idea of having this central hub, this cloud identity services in between. So it's for IAM in general, but here this presentation, the focus is on the authentication part, of course. Hope that makes it a little bit more clearer. Yeah. If we now talk about the single sign on back and now back then and now, we have to take a look on the SAP single sign on three point zero that certainly a lot of, SAP customers use nowadays. As we all know, a lot of projects will be, products will be end of maintenance, end of twenty twenty seven. That seems to be a doomsday for SAP customers. That means also it's, yeah, it's the product single sign on three. It will end, in, yeah, twenty twenty seven. We go out of maintenance mainly because it is using an underlying SAP NetViper as Java. And there's already a successor solution taking center stage. It's already there since last year, since twenty twenty three. Sorry. And that's the Secure Login Service for SAP GUI. That's really the product name, Secure Login Service for SAP GUI. It's a long name. And as the name implies, you can hear from that, it's a service for the SAP GUI. Because, you know, all the other applications today, they are handled already by using Cloud Identity services. So this service is not relying anymore on any kind of on premise component. So you no longer need the secure login server on the IS Java. Instead, it is consuming a BTP service. So all the functionalities have been transferred to the cloud. And I don't come up with a lot of SAP slides here, so you can find solution brief, release blocks, very good overview presentation, and a great article on the sub community about the whole flow and create YouTube video as well. Yeah. If you want to dive deeper into comparing single sign on three with the new solution, you can also read our deep dive blog on LinkedIn. It's a perfect resource to learn more, and it covers almost any information in this webinar, I would say. But, of course, we take a look a little bit a look on the components and then on the authentication flow. First of all, we still, of course, have a component that will be installed on the client side. So it is the so called secure login client that we all know from single sign on three that can be installed on Windows computers and on macOS. And, of course, we still have on the SAP side, on the back end side, on traditional s four systems. For example, we have the SAP common cryptolib, which still is the crypto library that handles all the SNC'd parts. So nothing has changed much on the client and on the back end. That's the good news. The the most, will happen on the BTP side. So it is the case that it's running as a service, as an instance on one dedicated, for example, a Cloud Foundry subaccount within your environment. So you can span up an instance of the secure login service for SAP GUI there, and it integrates it must integrate with an identity authentication service tenant. So they work together. So let's take a look. Makes makes it more clear at the whole chain. So there are a lot of entities involved in order to get our single sign on token. But, basically, the idea of of this is that the user is trying to access a NetWeaver application server or an Sfour system that runs maybe on sorry, on prem, but it must not be on prem. It can be also in the in the private cloud. It can be hosted by SAP with rides with SAP. It can be whatever kind of any prem system. As long as the user reaches the system using his sub GUI. Okay? So at this time, user has no token. So the idea is that now the secure login client comes into the game. And now the big the big change happens. A SecureLogin client now has an embedded browser. That's absolutely new now. So that means that the authentication no longer happens against any kind of on prem system, but it goes to your instance of the secure login service running in the BTP. And in turn, that service receives a request from a user. It's still an anonymous, and the user, must authenticate. So identity authentication service will authenticate the user here at this stage, or much better, it forwards again this request to your corporate IDP. In this example, it is a Microsoft Entra ID, but it can be any identity provider. Yeah. And here in step four, the primary authentication happens again. So all the nice features we talked about, like MFA, like device checking, like policies that you can perform, checks that you perform here, happens all in the corporate identity provider side, and the hopefully successful result will be transferred back to the IAS, will be transferred back to the service. And then there is another component as you can see. It's kind of the SAP trust center in the cloud. It's a managed service from SAP that technically issues the user certificate. So once this has been checked, authentication is successful, this service issues the certificate, which is a short lived, normally a day day daily certificate that comes back to the user's secure login client and then can be used for the SNC session in order to authenticate using single sign on based on SNC with a certificate. And that means, of course, now the primary authentication can be interactive. So you have to do something. You have to maybe use your authenticator to log in. It can be fully automated without even knowing that all these components are involved. You just click on your sub GUI, you're logged in. But you also can do more. You can maybe check for specific systems, have a different policy for for specific users, groups, systems where you enforce other kind of security mechanisms or enforce a stronger way of authentication. So it's absolutely flexible, and you can do a lot of a lot of stuff with that. Yeah. It by the way, it might I mean, I should, just mention that you can still use Kerberos with that, secure login service for SAP GUI. So this the client component is still capable of authenticating the user based on Kerberos the same way as the old solution. So you can easily transition. You can migrate to this new solution because the back end logic and the front end or the client is unchanged. Yeah. So a parallel operation is possible, and you can control the switch between the old and the new solution. And we already did that. So we already did quite a few successful projects and migrations with the new service. That's absolutely, not a not a big deal. So, yeah, that that all these these information about using such a lean cloud service, getting a short lived certificate that is issued built on top of the cloud identity services, on the identity authentication service, is really essential because it allows us to harmonize the flow using either sub GUI or any kind of cloud browser based applications. We have the same kind of login. Yeah. It's no longer separated, and that is really the game changer here. So from the user experience point of view, the initial authentication is always the same no matter which client he uses, yeah, to access the application. And that really increases user acceptance, and and it reduces a lot of complexity. So let's just summarize that. Let's take a look at, a very simple view again. But now we see there's a user, and that user either has a sub GUI or has a browser or mobile device, and he wants to access an SAP application anywhere. Yeah? Cloud on prem. Doesn't matter. And mainly, there are two ways. It's one ways could be dialogue RC based. That's not just the sub log on. There are other tools that use dialogue RC as well. Or it's just the HTTP HTTP application trans transformed securely via TLS. The idea of these applications is outsource the job, delegate to the identity authentication service in the BTP. Here the trust is already established or you can establish a trust during the setup. And then in turn, if you want, the IAS can again federate and outsource delegate outsource the authentication to an identity provider of choice. That can be any identity provider. Yeah? So it's also important to mention that you can have multiple identity providers connected to the IAS. For example, if you want to separate between b two b processes and maybe connect or federate with some partners or external, kind of business partners, whatever. So you can have multiple multiple, IDPs connected to your identity service. Let's come back to that picture. We we have, seen at the very beginning. Now we have the same point of view, and now we place in the middle in between the cloud identity services as a central hub, as a central, BTP service where every connection has to go through. Yeah. So mainly, we are using OpenID Connect, SAML two, and certificate based authentication. These are the three main technologies that we really use when it comes to Cloud Identity services in combination with the secure login service that we need because we still have SAP GUI. If you no longer have a SAP GUI in in use in your organization, that's not a problem. Then you just need the Cloud Identity Services. Yeah. Then Cloud Identity Services, again, most of the time, they integrate with an existing corporate IDP, and you can make use of all these nice features. That's mainly it. So that's what I wanted to tell you with that webinar, how easy and how simple it can look like. There's a lot of additional stuff. I don't go through these slides. No. Like, benefits of single sign on. We talked about that. I have some useful information about the secure login service, some pricing information, some some recommended procedures, yeah, the the steps that you can go through. You can all find it also in our blogs and articles. And there are a lot of nice articles. I have just provided you with a collection of those. There's one I've highlighted that I really recommend to read. And with that, we are just looking forward to your questions, maybe. Don't forget we have two two games left, game four, game five, when it comes to XCP and or exciting platform, security platform, XSP. And, yeah, with that being said, thank you for your attention, and I'm open now for q and a. We have five minutes left, and let's see if we have some questions in the chat. How does it look like? Yeah. Thank you so much for the presentation here. And just to look at some of the questions that we have in the chat, one question that we have is looking at the old world, are we able to manage HANA Studio and Eclipse access with single sign on? Is that something that you're aware of? HANA Studio, is still a special special application. Yeah. It's HANA cockpit. It's no problem. HANA studio, I have already integrated it with Kerberos authentication. But as far as I know, SAML should be supported there as well for the studio. What was the other tool? Eclipse, which is that ABAP development tool. ABAP for Eclipse is, as far as I know, it's an RFC based, front end application that can be tunneled through SNC and then works the same way like a sub GUI connection. So you can use make use of the new secure login service for that. Awesome. Thank you, for that response. Another question that we have in the chat is, how will authentication mechanisms work for nonhuman identities in the future? Well, nonhuman identities, NHI, I know this topic, but, honestly, that's not our focus. We focus here on business to business scenarios on a user, point of view, on a user centric point of view. Nonhuman identities like smart devices and all the other stuff like embedded industrial devices, of course, they need to also work with proper ways to authenticate and, yeah, there are a lot of ideas about how to handle that, and and also certificate vendors that, are in this game. But it's not our our main domain, so I would like to skip that question because I can't really tell you more about that. Okay? That's fair. No. That's fair, and, thank you for the response. At this time, I I don't see any other questions in the chat. Those were the only two, that I have at this point in time. Let me just refresh and double check. I mean, if you have some questions, just let me know. And any any at any time, you can also send us an email or contact me directly. No problem. Yeah. Thanks. Awesome. To be here today. Well, I think with that, we'll we'll call the we'll call it there for today. Thank you so much for taking the time to join today, everyone, and I I hope everyone has a great rest of their week. Alright. Thanks, Hugh. Thanks, everybody. Have a nice day. Bye bye.<\/p><\/div><\/div><\/wistia-player>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-70d26a1 e-con-full e-flex e-con e-child\" data-id=\"70d26a1\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-acbba96 e-con-full e-flex e-con e-child\" data-id=\"acbba96\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0e7945a elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"0e7945a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Starten Sie mit einem Discovery-Workshop<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-86dcfba elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"86dcfba\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"elementor-heading-title elementor-size-default\">Wir analysieren Ihre aktuelle SSO-Landschaft, entwerfen das Zielbild und planen die Roadmap.<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8358bfc elementor-widget__width-initial elementor-widget elementor-widget-image\" data-id=\"8358bfc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2023\/08\/xitingcarsten-olt-scaled-1-150x150.jpg\" class=\"attachment-thumbnail size-thumbnail wp-image-32215\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2023\/08\/xitingcarsten-olt-scaled-1-150x150.jpg 150w, https:\/\/xiting.com\/wp-content\/uploads\/2023\/08\/xitingcarsten-olt-scaled-1-300x300.jpg 300w, https:\/\/xiting.com\/wp-content\/uploads\/2023\/08\/xitingcarsten-olt-scaled-1-1024x1024.jpg 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2023\/08\/xitingcarsten-olt-scaled-1-768x768.jpg 768w, https:\/\/xiting.com\/wp-content\/uploads\/2023\/08\/xitingcarsten-olt-scaled-1-1536x1536.jpg 1536w, https:\/\/xiting.com\/wp-content\/uploads\/2023\/08\/xitingcarsten-olt-scaled-1-2048x2048.jpg 2048w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5868864 elementor-widget elementor-widget-heading\" data-id=\"5868864\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Carsten Olt<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6968873 elementor-widget elementor-widget-heading\" data-id=\"6968873\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Head of Identity &amp; Access Management <\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6e055f4 elementor-align-center elementor-widget__width-initial elementor-widget elementor-widget-button\" data-id=\"6e055f4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"mailto:info@xiting.com\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-envelope\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Unverbindlich beraten lassen<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2797333 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"2797333\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Weitere Informationen k\u00f6nnen Sie unter anderem in unserer Security Wednesday Reihe erfahren:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7a91745 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"7a91745\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">FAQ<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2698148 elementor-widget elementor-widget-n-accordion\" data-id=\"2698148\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;max_items_expended&quot;:&quot;multiple&quot;,&quot;default_state&quot;:&quot;expanded&quot;,&quot;n_accordion_animation_duration&quot;:{&quot;unit&quot;:&quot;ms&quot;,&quot;size&quot;:400,&quot;sizes&quot;:[]}}\" data-widget_type=\"nested-accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"e-n-accordion\" aria-label=\"Accordion. Open links with Enter or Space, close with Escape, and navigate with Arrow Keys\">\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-4040\" class=\"e-n-accordion-item\" open>\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"1\" tabindex=\"0\" aria-expanded=\"true\" aria-controls=\"e-n-accordion-item-4040\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Was ist der SAP Secure Login Service? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-4040\" class=\"elementor-element elementor-element-670f894 e-con-full e-flex e-con e-child\" data-id=\"670f894\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5360bfa elementor-widget elementor-widget-text-editor\" data-id=\"5360bfa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Der SAP Secure Login Service ist der Cloud-basierte Nachfolger von SAP Single Sign-On 3.0. SLS stellt kurzlebige, nicht exportierbare X.509-Zertifikate f\u00fcr die SAP GUI bereit und integriert moderne Sicherheitsanforderungen wie MFA, Conditional Access und Ger\u00e4tevertrauen.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-4041\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"2\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-4041\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Warum l\u00e4uft SAP Single Sign-On 3.0 aus? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-4041\" class=\"elementor-element elementor-element-34fe2bf e-con-full e-flex e-con e-child\" data-id=\"34fe2bf\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7310b3b elementor-widget elementor-widget-text-editor\" data-id=\"7310b3b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Die Wartung von SAP SSO 3.0 und des zugrunde liegenden NetWeaver AS Java endet am 31. Dezember 2027. Damit entf\u00e4llt die technische Basis f\u00fcr den Secure Login Server, sodass eine Migration auf SLS notwendig wird.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-4042\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"3\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-4042\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Wie unterscheidet sich SLS von Kerberos? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-4042\" class=\"elementor-element elementor-element-3f90b22 e-con-full e-flex e-con e-child\" data-id=\"3f90b22\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ea5053f elementor-widget elementor-widget-text-editor\" data-id=\"ea5053f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Kerberos ist nicht Zero Trust f\u00e4hig, da keine MFA-Pr\u00fcfung und keine Kontextbewertung in Echtzeit m\u00f6glich sind. SLS nutzt kurzlebige Zertifikate, die zentral gesteuert werden und sich in Cloud-Identit\u00e4tsstrukturen integrieren lassen.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-4043\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"4\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-4043\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Welche Vorteile bietet SLS f\u00fcr SAP GUI? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-4043\" class=\"elementor-element elementor-element-75bbfc0 e-con-full e-flex e-con e-child\" data-id=\"75bbfc0\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-246d89b elementor-widget elementor-widget-text-editor\" data-id=\"246d89b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>SLS bringt SAP GUI in ein modernes Authentifizierungsmodell. Dazu z\u00e4hlen MFA, ger\u00e4tebasierte Sicherheit, zentrale Richtlinien, konsistentes Logging und ein Betrieb ohne lokale Server.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-4044\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"5\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-4044\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Kann SAP SSO 3.0 parallel zu SLS betrieben werden? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-4044\" class=\"elementor-element elementor-element-8cfe99d e-con-full e-flex e-con e-child\" data-id=\"8cfe99d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3f52bc8 elementor-widget elementor-widget-text-editor\" data-id=\"3f52bc8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Ja. Ein geplanter Parallelbetrieb ist \u00fcblich und reduziert Migrationsrisiken. Kerberos und SLS k\u00f6nnen koexistieren, solange der Secure Login Client entsprechend eingerichtet ist.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-4045\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"6\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-4045\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Wie wird der Secure Login Service lizenziert? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-4045\" class=\"elementor-element elementor-element-3cc3062 e-con-full e-flex e-con e-child\" data-id=\"3cc3062\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ba0ae69 elementor-widget elementor-widget-text-editor\" data-id=\"ba0ae69\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Die Lizenzierung erfolgt \u00fcber die SAP BTP und wird in 500-User-Bl\u00f6cken abgerechnet. IAS, IPS und IdDS sind im Leistungsumfang enthalten.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-4046\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"7\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-4046\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Welche Rolle spielt der Identity Authentication Service (IAS)? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-4046\" class=\"elementor-element elementor-element-e9e4b3c e-con-full e-flex e-con e-child\" data-id=\"e9e4b3c\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-afa9ec4 elementor-widget elementor-widget-text-editor\" data-id=\"afa9ec4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>IAS dient als zentraler Authentifizierungsbroker und vermittelt zwischen Corporate IDP und SAP-Systemen. SLS ist eng in diese Architektur eingebettet.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-4047\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"8\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-4047\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Welche Voraussetzungen m\u00fcssen erf\u00fcllt sein? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-4047\" class=\"elementor-element elementor-element-c682860 e-con-full e-flex e-con e-child\" data-id=\"c682860\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c38a910 elementor-widget elementor-widget-text-editor\" data-id=\"c38a910\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Unternehmen ben\u00f6tigen einen IAS-Tenant, eine Anbindung an den Corporate IDP und die Installation des Secure Login Clients. Persistente Identit\u00e4ten im Identity Directory Service verbessern die Interoperabilit\u00e4t mit SAP-Cloud-Services.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<script type=\"application\/ld+json\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"Was ist der SAP Secure Login Service?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Der SAP Secure Login Service ist der Cloud-basierte Nachfolger von SAP Single Sign-On 3.0. SLS stellt kurzlebige, nicht exportierbare X.509-Zertifikate f\\u00fcr die SAP GUI bereit und integriert moderne Sicherheitsanforderungen wie MFA, Conditional Access und Ger\\u00e4tevertrauen.\"}},{\"@type\":\"Question\",\"name\":\"Warum l\\u00e4uft SAP Single Sign-On 3.0 aus?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Die Wartung von SAP SSO 3.0 und des zugrunde liegenden NetWeaver AS Java endet am 31. Dezember 2027. Damit entf\\u00e4llt die technische Basis f\\u00fcr den Secure Login Server, sodass eine Migration auf SLS notwendig wird.\"}},{\"@type\":\"Question\",\"name\":\"Wie unterscheidet sich SLS von Kerberos?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Kerberos ist nicht Zero Trust f\\u00e4hig, da keine MFA-Pr\\u00fcfung und keine Kontextbewertung in Echtzeit m\\u00f6glich sind. SLS nutzt kurzlebige Zertifikate, die zentral gesteuert werden und sich in Cloud-Identit\\u00e4tsstrukturen integrieren lassen.\"}},{\"@type\":\"Question\",\"name\":\"Welche Vorteile bietet SLS f\\u00fcr SAP GUI?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"SLS bringt SAP GUI in ein modernes Authentifizierungsmodell. Dazu z\\u00e4hlen MFA, ger\\u00e4tebasierte Sicherheit, zentrale Richtlinien, konsistentes Logging und ein Betrieb ohne lokale Server.\"}},{\"@type\":\"Question\",\"name\":\"Kann SAP SSO 3.0 parallel zu SLS betrieben werden?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Ja. Ein geplanter Parallelbetrieb ist \\u00fcblich und reduziert Migrationsrisiken. Kerberos und SLS k\\u00f6nnen koexistieren, solange der Secure Login Client entsprechend eingerichtet ist.\"}},{\"@type\":\"Question\",\"name\":\"Wie wird der Secure Login Service lizenziert?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Die Lizenzierung erfolgt \\u00fcber die SAP BTP und wird in 500-User-Bl\\u00f6cken abgerechnet. IAS, IPS und IdDS sind im Leistungsumfang enthalten.\"}},{\"@type\":\"Question\",\"name\":\"Welche Rolle spielt der Identity Authentication Service (IAS)?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"IAS dient als zentraler Authentifizierungsbroker und vermittelt zwischen Corporate IDP und SAP-Systemen. SLS ist eng in diese Architektur eingebettet.\"}},{\"@type\":\"Question\",\"name\":\"Welche Voraussetzungen m\\u00fcssen erf\\u00fcllt sein?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Unternehmen ben\\u00f6tigen einen IAS-Tenant, eine Anbindung an den Corporate IDP und die Installation des Secure Login Clients. Persistente Identit\\u00e4ten im Identity Directory Service verbessern die Interoperabilit\\u00e4t mit SAP-Cloud-Services.\"}}]}<\/script>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-80986d1 elementor-section-stretched elementor-section-height-min-height elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"80986d1\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0dc601e\" data-id=\"0dc601e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-af1cbc4 elementor-widget elementor-widget-heading\" data-id=\"af1cbc4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Bleiben Sie auf dem Laufenden<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-55aa83e elementor-widget elementor-widget-heading\" data-id=\"55aa83e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Melden Sie Sich zu dem Newsletter an, um weitere Informationen zu erhalten.<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b979128 elementor-align-center elementor-widget elementor-widget-button\" data-id=\"b979128\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm elementor-animation-grow\" href=\"https:\/\/xiting.com\/de\/anmeldung-zum-xiting-newsletter\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-long-arrow-alt-right\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Anmeldung zum Newsletter<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3a99b1a elementor-widget elementor-widget-heading\" data-id=\"3a99b1a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Folgen Sie @Xiting und @xiting.global auf den Sozialen Medien.<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-c6ae058 e-flex e-con-boxed e-con e-parent\" data-id=\"c6ae058\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4e337f6 elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"4e337f6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<a class=\"elementor-icon\" href=\"https:\/\/twitter.com\/XitingIT\">\n\t\t\t<i aria-hidden=\"true\" class=\"fab fa-x-twitter\"><\/i>\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d81ccca elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"d81ccca\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<a class=\"elementor-icon\" href=\"https:\/\/www.linkedin.com\/company\/xiting\/\">\n\t\t\t<i aria-hidden=\"true\" class=\"fab fa-linkedin-in\"><\/i>\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fec8588 elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"fec8588\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<a class=\"elementor-icon\" href=\"https:\/\/www.instagram.com\/xiting.global\/\">\n\t\t\t<i aria-hidden=\"true\" class=\"fab fa-instagram\"><\/i>\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>SAP SSO 3.0 endet 2027. Der SAP Secure Login Service ist der strategische Nachfolger f\u00fcr SAP GUI und Cloud-Zugriffe. Der Artikel zeigt, wie Unternehmen Zero-Trust-Anforderungen umsetzen und ihre SAP-Authentifizierung modernisieren.<\/p>\n","protected":false},"author":87,"featured_media":33695,"parent":43057,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[1821],"class_list":["post-58700","page","type-page","status-publish","has-post-thumbnail","hentry","category-identity-and-access-management"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP SSO 3.0 Abl\u00f6sung: Migration zu SAP Secure Login Service<\/title>\n<meta name=\"description\" content=\"Erfahren Sie, wie der SAP Secure Login Service eine Zero-Trust-f\u00e4hige Authentifizierung f\u00fcr SAP GUI, Fiori und BTP erm\u00f6glicht.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP SSO 3.0 Abl\u00f6sung: Migration zu SAP Secure Login Service (SLS)\" \/>\n<meta property=\"og:description\" content=\"Der SAP Secure Login Service als strategischer Nachfolger f\u00fcr SAP GUI und Cloud-Zugriffe.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XitingAG\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-16T09:59:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiting.com\/wp-content\/uploads\/2024\/01\/sap-hana-db-data-masking.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"1199\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Von SAP Single Sign-On 3.0 (SSO) zu SAP Secure Login Service (SLS)\" \/>\n<meta name=\"twitter:description\" content=\"SAP SSO 3.0 endet 2027. Der SAP Secure Login Service ist der strategische Nachfolger f\u00fcr SAP GUI und Cloud-Zugriffe. Der Artikel zeigt, wie Unternehmen Zero-Trust-Anforderungen umsetzen und ihre SAP-Authentifizierung modernisieren.\" \/>\n<meta name=\"twitter:label1\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data1\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/\"},\"author\":{\"name\":\"Sabrina Schuller\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#\\\/schema\\\/person\\\/6a1693dd60d86a0e5176bae9591bba6d\"},\"headline\":\"Von SAP Single Sign-On 3.0 (SSO) zu SAP Secure Login Service (SLS)\",\"datePublished\":\"2026-03-12T08:57:54+00:00\",\"dateModified\":\"2026-03-16T09:59:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/\"},\"wordCount\":10872,\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/sap-hana-db-data-masking.jpg\",\"articleSection\":[\"Identity and Access Management\"],\"inLanguage\":\"de-DE\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/\",\"name\":\"SAP SSO 3.0 Abl\u00f6sung: Migration zu SAP Secure Login Service\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/sap-hana-db-data-masking.jpg\",\"datePublished\":\"2026-03-12T08:57:54+00:00\",\"dateModified\":\"2026-03-16T09:59:48+00:00\",\"description\":\"Erfahren Sie, wie der SAP Secure Login Service eine Zero-Trust-f\u00e4hige Authentifizierung f\u00fcr SAP GUI, Fiori und BTP erm\u00f6glicht.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/#breadcrumb\"},\"inLanguage\":\"de-DE\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"de-DE\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/sap-hana-db-data-masking.jpg\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/sap-hana-db-data-masking.jpg\",\"width\":1800,\"height\":1199},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/migration-sap-sso-3-0-zu-sap-secure-login-service\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/xiting.com\\\/de\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Knowledge\",\"item\":\"https:\\\/\\\/xiting.com\\\/de\\\/sap-knowledge\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Von SAP Single Sign-On 3.0 (SSO) zu SAP Secure Login Service (SLS)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/xiting.com\\\/de\\\/\",\"name\":\"Xiting\",\"description\":\"Your Expert for SAP Security\",\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xiting.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de-DE\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#organization\",\"name\":\"Xiting\",\"url\":\"https:\\\/\\\/xiting.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de-DE\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/xiting-logo.svg\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/xiting-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Xiting\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XitingAG\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/1345129\\\/\",\"https:\\\/\\\/www.instagram.com\\\/xiting.global\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#\\\/schema\\\/person\\\/6a1693dd60d86a0e5176bae9591bba6d\",\"name\":\"Sabrina Schuller\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de-DE\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dd7a2cda8dd272597b32ad37a2415380e2a249b90bb4082f858bd6631e4b2b7f?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dd7a2cda8dd272597b32ad37a2415380e2a249b90bb4082f858bd6631e4b2b7f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dd7a2cda8dd272597b32ad37a2415380e2a249b90bb4082f858bd6631e4b2b7f?s=96&d=mm&r=g\",\"caption\":\"Sabrina Schuller\"},\"url\":\"https:\\\/\\\/xiting.com\\\/de\\\/author\\\/sschuller\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP SSO 3.0 Abl\u00f6sung: Migration zu SAP Secure Login Service","description":"Erfahren Sie, wie der SAP Secure Login Service eine Zero-Trust-f\u00e4hige Authentifizierung f\u00fcr SAP GUI, Fiori und BTP erm\u00f6glicht.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/","og_locale":"de_DE","og_type":"article","og_title":"SAP SSO 3.0 Abl\u00f6sung: Migration zu SAP Secure Login Service (SLS)","og_description":"Der SAP Secure Login Service als strategischer Nachfolger f\u00fcr SAP GUI und Cloud-Zugriffe.","og_url":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/","og_site_name":"Xiting","article_publisher":"https:\/\/www.facebook.com\/XitingAG","article_modified_time":"2026-03-16T09:59:48+00:00","og_image":[{"width":1800,"height":1199,"url":"https:\/\/xiting.com\/wp-content\/uploads\/2024\/01\/sap-hana-db-data-masking.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_title":"Von SAP Single Sign-On 3.0 (SSO) zu SAP Secure Login Service (SLS)","twitter_description":"SAP SSO 3.0 endet 2027. Der SAP Secure Login Service ist der strategische Nachfolger f\u00fcr SAP GUI und Cloud-Zugriffe. Der Artikel zeigt, wie Unternehmen Zero-Trust-Anforderungen umsetzen und ihre SAP-Authentifizierung modernisieren.","twitter_misc":{"Gesch\u00e4tzte Lesezeit":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/#article","isPartOf":{"@id":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/"},"author":{"name":"Sabrina Schuller","@id":"https:\/\/xiting.com\/de\/#\/schema\/person\/6a1693dd60d86a0e5176bae9591bba6d"},"headline":"Von SAP Single Sign-On 3.0 (SSO) zu SAP Secure Login Service (SLS)","datePublished":"2026-03-12T08:57:54+00:00","dateModified":"2026-03-16T09:59:48+00:00","mainEntityOfPage":{"@id":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/"},"wordCount":10872,"publisher":{"@id":"https:\/\/xiting.com\/de\/#organization"},"image":{"@id":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2024\/01\/sap-hana-db-data-masking.jpg","articleSection":["Identity and Access Management"],"inLanguage":"de-DE"},{"@type":"WebPage","@id":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/","url":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/","name":"SAP SSO 3.0 Abl\u00f6sung: Migration zu SAP Secure Login Service","isPartOf":{"@id":"https:\/\/xiting.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/#primaryimage"},"image":{"@id":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2024\/01\/sap-hana-db-data-masking.jpg","datePublished":"2026-03-12T08:57:54+00:00","dateModified":"2026-03-16T09:59:48+00:00","description":"Erfahren Sie, wie der SAP Secure Login Service eine Zero-Trust-f\u00e4hige Authentifizierung f\u00fcr SAP GUI, Fiori und BTP erm\u00f6glicht.","breadcrumb":{"@id":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/#breadcrumb"},"inLanguage":"de-DE","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/"]}]},{"@type":"ImageObject","inLanguage":"de-DE","@id":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/#primaryimage","url":"https:\/\/xiting.com\/wp-content\/uploads\/2024\/01\/sap-hana-db-data-masking.jpg","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2024\/01\/sap-hana-db-data-masking.jpg","width":1800,"height":1199},{"@type":"BreadcrumbList","@id":"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiting.com\/de\/"},{"@type":"ListItem","position":2,"name":"SAP Knowledge","item":"https:\/\/xiting.com\/de\/sap-knowledge\/"},{"@type":"ListItem","position":3,"name":"Von SAP Single Sign-On 3.0 (SSO) zu SAP Secure Login Service (SLS)"}]},{"@type":"WebSite","@id":"https:\/\/xiting.com\/de\/#website","url":"https:\/\/xiting.com\/de\/","name":"Xiting","description":"Your Expert for SAP Security","publisher":{"@id":"https:\/\/xiting.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiting.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de-DE"},{"@type":"Organization","@id":"https:\/\/xiting.com\/de\/#organization","name":"Xiting","url":"https:\/\/xiting.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"de-DE","@id":"https:\/\/xiting.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/08\/xiting-logo.svg","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/08\/xiting-logo.svg","width":1,"height":1,"caption":"Xiting"},"image":{"@id":"https:\/\/xiting.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XitingAG","https:\/\/www.linkedin.com\/company\/1345129\/","https:\/\/www.instagram.com\/xiting.global\/"]},{"@type":"Person","@id":"https:\/\/xiting.com\/de\/#\/schema\/person\/6a1693dd60d86a0e5176bae9591bba6d","name":"Sabrina Schuller","image":{"@type":"ImageObject","inLanguage":"de-DE","@id":"https:\/\/secure.gravatar.com\/avatar\/dd7a2cda8dd272597b32ad37a2415380e2a249b90bb4082f858bd6631e4b2b7f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/dd7a2cda8dd272597b32ad37a2415380e2a249b90bb4082f858bd6631e4b2b7f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/dd7a2cda8dd272597b32ad37a2415380e2a249b90bb4082f858bd6631e4b2b7f?s=96&d=mm&r=g","caption":"Sabrina Schuller"},"url":"https:\/\/xiting.com\/de\/author\/sschuller\/"}]}},"_links":{"self":[{"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/pages\/58700","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/users\/87"}],"replies":[{"embeddable":true,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/comments?post=58700"}],"version-history":[{"count":10,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/pages\/58700\/revisions"}],"predecessor-version":[{"id":59107,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/pages\/58700\/revisions\/59107"}],"up":[{"embeddable":true,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/pages\/43057"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/media\/33695"}],"wp:attachment":[{"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/media?parent=58700"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/categories?post=58700"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}