SAP solutions for secure authentication and SSO

Your Contact

Carsten Olt
SAP Single Sign-On
[email protected]

Your Contact

Alessandro Banzer
SAP Single Sign-On
[email protected]

Are you interested in our services?

Contact us for a non-binding offer!

SAP Single Sign-On 3.0
On-Premise Solution

The solution allows customers to enable SSO for SAP desktop clients, web applications, and mobile devices, supporting primarily on-premises landscapes. The product enables the encryption of communication data for SAP GUI and other desktop clients and the digital signature of documents in SAP GUI transactions. In this context, SAP Single Sign-On 3.0 will remain as a cornerstone for on-premises SAP environments.

SAP Cloud Identity Services
Identity Authentication (IAS)

SAP Cloud Identity Services targets cloud applications beyond the corporate user base. This holistic service comes with capabilities of secure authentication, single sign-on, and identity provisioning. It acts as a central and strategic authentication hub providing a single and automated integration point for all SAP PaaS and SaaS applications. The hybrid operation of both solutions covers all SAP cloud and on-premises applications and supports various secure authentication methods and single sign-on standards.

Best Practice Workshop

Target group-specific and practice-oriented knowledge transfer.

Concept & Solution Design

Development of your individual roadmap for SAP Single Sign-On.

Implementation & Operation

Broad range of consulting services covering all project phases and standard SAP applications.

Audit & Security Check

Identify potential weaknesses in your established SAP SSO infrastructure.

Migration & Upgrade

Our migration concept supports a phased-approach considering a smooth transition to the new solution.

Education & Training

Xiting is the exclusive training partner for the official SAP training course WDESSO related to the solution SAP Single Sign-On 3.0

Discover our broad range of consulting in the field of secure authentication

Your Benefits with our Services

General Needs and Advantages of SAP SSO

In a Single Sign-On (SSO) scenario, user authentication is performed only once. This happens usually against a trusted authentication entity like the Active Directory. After this authentication access to all SAP systems (applications) will be carried out automatically based on a secure token that identifies the user. SSO is not only used to simplify the login process for the end-user but also is a good tool to increase the security. With SSO, no longer passwords are transmitted between the systems over the network. Besides an increase in efficiency, you achieve even better security with less administrative effort.

While implementing SSO to the SAP landscape, no changes to the authorization of a user (authorization and role concept) are made. Only the login method will be replaced. The introduction of SSO offers many advantages such as increasing productivity, as the normal user-workflow is not disturbed. Simpler administration of the SAP user accounts is enabled by waiving passwords. Thus, higher acceptance of the end-user is achieved. In the SAP standard system, the communication is not encrypted, this affects both the SAP GUI and communication between the browser and web-based UIs. The SAP proprietary protocols DIAG (used for SAP GUI) and RFC do not cryptographically authenticate client and server, nor do they encrypt network communication.

Qualified Consulting Services

Xiting is the preferred implementation and exclusive training partner for SAP Single Sign-On 3.0.

We support SAP organizations in designing and implementing comprehensive authentication concepts that solve various authentication challenges. Besides SAP’s on-premises and cloud security solutions, Xiting also covers integration with Azure Active Directory and ADFS, reverse proxies, the SAP Business Technology Platform and SAP SaaS solutions, and other third-party products and infrastructure components involved in the authentication process. The experience of many years and hundreds of successfully completed SSO projects allowed us to constantly adopt our best practices for security in the area of secure authentication.

We understand both worlds, help to “translate” and to bridge the gap between IT and SAP security. 

Passwords transmitted over the network are vulnerable to eavesdropping. Additionally, due to missing mutual authentication, rogue systems could intercept network traffic, manipulate content, and forward it to legitimate servers. The communication between client and server and between SAP servers can be protected using a symmetric encryption algorithm. The basis for this technology is provided by the SAP interface Secure Network Communications (SNC) which makes it possible to establish a secure connection to the SAP system through encryption and providing mechanisms for Single Sing-On.

SNC provides cryptographically strong mutual authentication, integrity protection of transmitted data, and encryption of network traffic. SNC ensures the communication between the SAP GUI running on the user’s computer and the SAP system. Based on the GSS-API a cryptographic library will be used to encrypt the data at the Network Interface (NI) protocol level and to support Kerberos and X.509 based authentication and SSO with an SAP system. Same applies for Transport Layer Security (TLS). If you have SAP systems for which you do not want to allow Single Sign-On, it is possible to enforce multi-factor authentication either for SAP GUI or the browser-based access.

Our project metholdogy

Our best practice implementation approach comprises several stages. Each SSO project starts with a workshop and analysis phase:

Clear communication between SAP Basis and other IT and security related stakeholders is key to success and requires early involvement and a common understanding. Kickoff your SSO project with our best practice workshop. We convey the required foundations and examine your requirements while considering your existing environment. Our solution concept helps to set the course for the implementation of the necessary SAP solution components. We support you in all project phases, from POC over Pilot to Go Live. We also integrate with your existing infrastructure and involved Non-SAP system components.

Support Service for Your SAP SSO

With our SSO Support Service, we offer you the opportunity to get advice on secure authentication and SAP Single Sign-On!


Get in touch with us!

Do you have questions about our products?

+41 43 422 8803
[email protected]
+49 7656 8999 002
[email protected]
+1 855 594 84 64
[email protected]
+44 1454 838 785
[email protected]

Attend our live webinars and learn more from our experts about SAP authorizations, XAMS, SAP IDM and many other topics in the context of SAP security.

Register now