Secure Authentication and SAP Single Sign-On
A securely established authentication infrastructure, bundle identity information for users in a central location that supports multi-factor and risk-based authentication including single sign-on across devices, resources, and apps in the cloud and on-premises.
Area of SSO Expertise | On-Premise
- SAP Single Sign-On 3.0 and SNC Client Encryption 2.0 including migration support from third-party SNC solutions
- Holistic advice on all common SSO standards and their correct use in the SAP environments
- Encryption of SAP communication protocols and interfaces using Secure Network Communications (SNC) and Transport Layer Security (TLS)
- Hardening your CommonCryptoLib and SSO related profile parameters
- Implementing communication security and single sign-on for your
traditional SAP Business Suite and S/4HANA applications:- SAP GUI, SAP Business Client, SAP Analysis for Office/BEx
- SAP HANA Cockpit and Studio (SAP HANA XSA)
- SAP Fiori Launchpad and SAP Gateway
- SAP ABAP based web-applications (ICF-services)
- SAP Enterprise Portal and AS Java-based web-applications
- SAP BusinessObjects including BI client tools
- Supporting design and integration with your PKI (public key infrastructure)
- Implement the automation of certificate provisioning and renewal (SAP certificate lifecycle management) for on-premises SAP systems
(ABAP and Java) using the CLM-capabilities of SAP Secure Login Server
- Designing strategies to securely expose your internal SAP applications while utilizing existing components such as reverse proxies, web dispatchers
- Integrating with modern solutions like Azure Active Directory Application Proxy and cloud-based security components
- Considering complex Active Directory environments with multiple domains and forests
- Outlining approaches for implementing Identity Federation
scenarios and integrations with existing Identity Providers - Integrate with further IT components, cloud systems
and SaaS applications including non-SAP applications - Support integration with mobile devices and MDM gateways
- Integration with hardware tokens (smartcards) and hardware security modules
- Providing multi-factor authentication (MFA) for SAP GUI and
web-applications - Implementation of projects for contactless authentication
using RFID-devices (Warehouse and Kiosk-scenarios) - Supporting projects in the area of digital signatures and
re-authentication (SSF)
Area of SSO Expertise | Cloud
SAP Cloud Identity Services (Focus on Identity Authentication)
- Connecting the service with your SAP SaaS solutions like SAC, C4C, IBP, SFSF, Ariba, and others
- Connecting BTP subaccounts to your SAP Cloud Identity Services tenantsĀ (Identity Authentication) and corporate identity providers
- Integrate IAS with your on-premises and Non-SAP SaaS applications using OIDC or SAML for SSO
- Setup identity provider (IdP) proxy mode, flexible SAML attribute and group mappings and merging, combining identity data from SAP Cloud Identity Services and corporate IdP
- Risk-based authentication in IdP proxy and federation scenarios
- Outlining different user-onboarding scenarios
(SCIM and IDM integration) possible with the
SAP Cloud Identity Services (IAS and IPS) - Integrating the service with your on-premise user store (AD)
- Configure SPNEGO for easy SSO towards SAPās Business Technology Platform and SaaS applications
- Configure social sign-on scenarios supporting B2B and B2C
SAP Cloud Connector
- Secure configuration and hardening of your cloud connector
- Connecting your cloud applications with your corporate user store
- Configuring Principal Propagation for seamless SSO towards
your on-premises SAP systems like SAP S/4HANA
Integration with Non-SAP cloud solutions
- Integrating Microsoft Power BI for seamless SSO towards your
SAP BW or S/4HANA systems using CommonCryptoLib and Kerberos - Integrating the SAP security landscape with existing third-party identity providers like Azure, ADFS, Shibboleth, Open AM, BIG-IP, and others
- Integrating with Microsoft Azure Active Directory as an authentication instance. Utilizing security features like Conditional Access for further restricting and controlling access towards SAP applications.
- Consulting for scenarios to securely expose on-premises applications using cloud gateways like MSFT AAD Application Proxy or others
You want to learn more about SAP SSO and Secure Authentication?
Find out more about SAP SSO and our tailor-made authentication services.