Secure Authentication: Areas of Expertise

Area of SSO Expertise | On-Premise

SAP Single Sign-On 3.0 and SNC Client Encryption 2.0 including migration support from third-party SNC solutions
Holistic advice on all common SSO standards and their correct use in the SAP environments
Encryption of SAP communication protocols and interfaces using Secure Network Communications (SNC) and Transport Layer Security (TLS)
Hardening your CommonCryptoLib and SSO related profile parameters
Implementing communication security and single sign-on for your
traditional SAP Business Suite and S/4HANA applications:
- SAP GUI, SAP Business Client, SAP Analysis for Office/BEx
- SAP HANA Cockpit and Studio (SAP HANA XSA)
- SAP Fiori Launchpad and SAP Gateway
- SAP ABAP based web-applications (ICF-services)
- SAP Enterprise Portal and AS Java-based web-applications
- SAP BusinessObjects including BI client tools
Supporting design and integration with your PKI (public key infrastructure)
Implement the automation of certificate provisioning and renewal (SAP certificate lifecycle management) for on-premises SAP systems
(ABAP and Java) using the CLM-capabilities of SAP Secure Login Server

Designing strategies to securely expose your internal SAP applications while utilizing existing components such as reverse proxies, web dispatchers
Integrating with modern solutions like Azure Active Directory Application Proxy and cloud-based security components
Considering complex Active Directory environments with multiple domains and forests
Outlining approaches for implementing Identity Federation
scenarios and integrations with existing Identity Providers
Integrate with further IT components, cloud systems
and SaaS applications including non-SAP applications
Support integration with mobile devices and MDM gateways
Integration with hardware tokens (smartcards) and hardware security modules
Providing multi-factor authentication (MFA) for SAP GUI and
web-applications
Implementation of projects for contactless authentication
using RFID-devices (Warehouse and Kiosk-scenarios)
Supporting projects in the area of digital signatures and
re-authentication (SSF)

Connecting the service with your SAP SaaS solutions like SAC, C4C, IBP, SFSF, Ariba, and others
Connecting BTP subaccounts to your SAP Cloud Identity Services tenants (Identity Authentication) and corporate identity providers
Integrate IAS with your on-premises and Non-SAP SaaS applications using OIDC or SAML for SSO
Setup identity provider (IdP) proxy mode, flexible SAML attribute and group mappings and merging, combining identity data from SAP Cloud Identity Services and corporate IdP
Risk-based authentication in IdP proxy and federation scenarios
Outlining different user-onboarding scenarios
(SCIM and IDM integration) possible with the
SAP Cloud Identity Services (IAS and IPS)
Integrating the service with your on-premise user store (AD)
Configure SPNEGO for easy SSO towards SAP’s Business Technology Platform and SaaS applications
Configure social sign-on scenarios supporting B2B and B2C

Secure configuration and hardening of your cloud connector
Connecting your cloud applications with your corporate user store
Configuring Principal Propagation for seamless SSO towards
your on-premises SAP systems like SAP S/4HANA

Integrating Microsoft Power BI for seamless SSO towards your
SAP BW or S/4HANA systems using CommonCryptoLib and Kerberos
Integrating the SAP security landscape with existing third-party identity providers like Azure, ADFS, Shibboleth, Open AM, BIG-IP, and others
Integrating with Microsoft Azure Active Directory as an authentication instance. Utilizing security features like Conditional Access for further restricting and controlling access towards SAP applications.
Consulting for scenarios to securely expose on-premises applications using cloud gateways like MSFT AAD Application Proxy or others

Find out more about SAP SSO and our tailor-made authentication services.