{"id":1435,"date":"2016-11-17T08:27:43","date_gmt":"2016-11-17T07:27:43","guid":{"rendered":"https:\/\/www.xiting.us\/?p=1435"},"modified":"2025-10-01T10:41:59","modified_gmt":"2025-10-01T08:41:59","slug":"sap-single-sign-on-3-0-to-reduce-effort-and-risk","status":"publish","type":"post","link":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/","title":{"rendered":"SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk"},"content":{"rendered":"<p>SAP Single Sign-On 3.0 has a lot of new features to help organizations reduce effort and risk involved in implementing and maintaining a secure single sign-on (SSO) solution for SAP.&nbsp;In this article, we will present you the three best features of this new release.<\/p>\n<h2>Encryption-only mode to ensure secure communication, always<\/h2>\n<p>The Secure Network Communications (SNC) module was integrated into the network interface of all SAP components in 1997, and it is still an integral part of the standard. Besides Authentication (Single Sign-On), SNC offers data-in-transit encryption. Until the release of version 3.0, SAP Single Sign-On used the source to derive cryptographic keys used for user authentication and session encryption.<\/p>\n<p>In the case of an issue with the user authentication mechanism, for example, caused by a lost or forgotten smart card or the unavailability of Secure Login Server (a critical component of SAP Single Sign-On), often the only workaround was to disable SNC altogether. Unfortunately, that also meant disabling encryption and potentially exposing data-in-transit.<\/p>\n<figure id=\"attachment_1440\" aria-describedby=\"caption-attachment-1440\" style=\"width: 985px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2016\/11\/2016-11-16-at-4.36-PM.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"size-large wp-image-1440\" src=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2016\/11\/2016-11-16-at-4.36-PM-985x1024.png\" alt=\"SAP Single Sign-On 3.0 Encryption only mode\" width=\"985\" height=\"1024\"><\/a><figcaption id=\"caption-attachment-1440\" class=\"wp-caption-text\">Encryption only mode in Secure Login Client 3.0<\/figcaption><\/figure>\n<p>The new encryption-only mode of SAP Single Sign-On 3.0 enables network encryption for the SNC protocol used for communication with SAP systems, even if a user-specific security token is temporarily unavailable or not yet configured. That allows customers to immediately protect data communication during an implementation project, before user-specific configuration (user mapping) is in place, and to ensure data privacy if the end-user has lost the smart card holding the required digital certificate. The encryption-only mode is enabled automatically whenever there is no security token available for SNC.<\/p>\n<p>Data encryption for SAP Dynamic Information and Action Gateway (DIAG) or Remote Function Call (RFC) connections in 2016 must no longer be considered nice-to-have, but a must, and it is equally important as encrypting HTTP connections using TLS. That not only prevents eavesdropping on SAP network traffic but also protects user credentials sent over the network during SAP authentication, especially in those cases where no single sign-on is possible for whatever reasons and password-based authentications takes place.<\/p>\n<p>With the latest SAP CommonCryptoLib in conjunction with the Secure Login Client 3.0, you can make use of that feature.<\/p>\n<h2>Support for existing PKI implementations<\/h2>\n<p>The Secure Login Server is part of SAP Single Sign-On and acts as a central service, which provides X.509 certificates to users and application servers (out-of-the-box PKI). So far, companies have used the Secure Login Server mostly in scenarios where no certification authority was available or if additional security and strong authentication &#8211; such as one-time passwords &#8211; were required to access critical SAP systems in the landscape.<\/p>\n<figure id=\"attachment_1436\" aria-describedby=\"caption-attachment-1436\" style=\"width: 543px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2016\/11\/sap-single-sign-on-remote-ca.png\"><img decoding=\"async\" class=\"wp-image-1436 size-full\" src=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2016\/11\/sap-single-sign-on-remote-ca.png\" alt=\"SAP Single Sign-On 3.0 Remote CA\" width=\"543\" height=\"291\"><\/a><figcaption id=\"caption-attachment-1436\" class=\"wp-caption-text\">SAP Single Sign-On 3.0 Remote CA<\/figcaption><\/figure>\n<p>As soon as organizations operate a dedicated PKI for wider use in the IT landscape, many aspects have to be taken into account. Processes are in place to control the registration, issuance, and lifecycle of the certificates. Central administration and provisioning of certificates and revocation lists, the operation of an OSCP responder, security of the private keys by using hardware security modules (HSMs) or the configuration of the certificate types to be issued, are only a few aspects. In addition to this, a large number of organizational issues and concepts for ensuring proper operation of the PKI, the processes as well as technical and non-technical guidelines known as Certificate Policies (CP) and Certificate Practice Statement (CPS) need to be applied, which often prohibits any other certificate issuer. As a result, customers already operating an enterprise PKI, normally do not want to introduce the Secure Login Server as a second system for provisioning digital certificates.<\/p>\n<p>SAP Single Sign-On 3.0 introduced a new feature for the Secure Login Server (SLS) called Remote CA. By using this feature, the SLS no longer has to operate as a separate CA under an existing Corporate Root CA. It allows easy integration into an existing PKI. An SLS-Remote CA acts as a web service for an existing enterprise PKI solution, which allows client certificate requests to be signed by the PKI instance instead of SLS itself. The Secure Login Server&nbsp;only forwards the client requests and takes care of proper authentication while still providing robust authentication and name mapping features. With this approach, the SLS verifies the identity of entities requesting digital certificates, and if required offers risk-based authentication, multi-factor authentication as well as RADIUS, RSA SecurID, LDAP, and SPNEGO authentication.<\/p>\n<p>With the latest service pack (SP01) of SAP Single Sign-On 3.0 released, SAP has further extended the Remote CA support. Now the Secure Login Server supports Simple CMC and Microsoft Active Directory Certificate Services (ADCS) with NDES and Web Enrollment. All of them are addressed by using HTTP destinations. Additionally, for ADCS the SLS now supports three types of certificate templates, thus allowing the SLS to issue not only user authentication certificates but also long-term SAP server authentication (TLS) certificates.<\/p>\n<h2>Lifecycle management<\/h2>\n<p>As soon as digital certificates are used on IT systems (including SAP), you need to take care of their lifecycle. When using Active Directory Certificate Services, you can make use of Autoenrollment and Autorenewal to automate the certificate provisioning and renewal for user and server certificates. That applies mainly to Microsoft Windows based machines. Until now, such a feature wasn\u2019t available in the SAP world.<\/p>\n<figure id=\"attachment_1437\" aria-describedby=\"caption-attachment-1437\" style=\"width: 630px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2016\/11\/sap-single-sign-on-lifecycle-management.png\"><img decoding=\"async\" class=\"size-full wp-image-1437\" src=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2016\/11\/sap-single-sign-on-lifecycle-management.png\" alt=\"SAP Single Sign-On 3.0 Lifecycle Management\" width=\"630\" height=\"289\"><\/a><figcaption id=\"caption-attachment-1437\" class=\"wp-caption-text\">SAP Single Sign-On 3.0 Lifecycle Management<\/figcaption><\/figure>\n<p>The process of automatically enrolling server certificates and taking care of their proper renewal, can now be implemented by registering all involved AS ABAP systems to your Secure Login Server. That is made possible by the so-called Certificate Lifecycle Management, part of the new SLS 3.0. You can use ABAP reports to setup and automate the certificate management for certificates that you previously managed via transaction STRUST. Moreover, the Secure Login Server can facilitate and automate the process of rolling out trusted root certificates to all systems that you registered for the lifecycle.<\/p>\n<p>While implementing the certificate lifecycle management feature is a simple and straightforward process, setting it up for every instance in your SAP landscape would be a tiresome process. To mitigate that, SAP Single Sign-On 3.0 includes a command line tool that automates the certificate renewal for all server components in your landscape using a file-based personal security environment (PSE). The SAPSLSCLI allows you to fully script your certificate lifecycle. Beginning with the initial creation of your PSE files, the request of the registration agent certificate, the enrollment, and installation of your signed certificates as well as the distribution of trusted Root CA certificates and renewal of your server certificates, based on a defined grace period. This script could be scheduled with operating systems tools. The lifecycle management, of course, can be combined with the Remote CA feature previously mentioned.<\/p>\n<h2>SAP Single Sign-On 3.0<\/h2>\n<p>The features described above help administrators to manage the certificate lifecycle by automating creation, enrollment, renewals, thus significantly reducing manual effort, eliminating the risks of human errors, and preventing costly system downtime. With the latest features part of the new release 3.0 you can strengthen the security of your SAP landscape, simplify the administration and dramatically reduce efforts and costs as your SAP landscape increases in size.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SAP Single Sign-On 3.0 has a lot of new features to help organizations reduce effort and risk involved in implementing and maintaining a secure single sign-on (SSO) solution for SAP.&nbsp;In this article, we will present you the three best features of this new release. Encryption-only mode to ensure secure communication, always The Secure Network Communications [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":9462,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[4],"tags":[150,99],"class_list":["post-1435","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-sap-single-sign-on-en","tag-sap-sso"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk - Xiting<\/title>\n<meta name=\"description\" content=\"SAP Single Sign-On 3.0 has a lot of new features to help organizations reduce effort and risk involved in implementing and maintaining a secure single...\" \/>\n<meta name=\"robots\" content=\"noindex, nofollow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk\" \/>\n<meta property=\"og:description\" content=\"SAP Single Sign-On 3.0 has a lot of new features to help organizations reduce effort and risk involved in implementing and maintaining a secure single\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XitingAG\" \/>\n<meta property=\"article:published_time\" content=\"2016-11-17T07:27:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-01T08:41:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiting.com\/wp-content\/uploads\/2017\/10\/sap-security-blog-sso.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"964\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Carsten Olt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@jsterr@xiting.de\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carsten Olt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/\"},\"author\":{\"name\":\"Carsten Olt\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/person\\\/3c32c7de1132d012e263720a9f3300a2\"},\"headline\":\"SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk\",\"datePublished\":\"2016-11-17T07:27:43+00:00\",\"dateModified\":\"2025-10-01T08:41:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/\"},\"wordCount\":1197,\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2017\\\/10\\\/sap-security-blog-sso.jpg\",\"keywords\":[\"SAP Single Sign-On\",\"SAP SSO\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/\",\"name\":\"SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk - Xiting\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2017\\\/10\\\/sap-security-blog-sso.jpg\",\"datePublished\":\"2016-11-17T07:27:43+00:00\",\"dateModified\":\"2025-10-01T08:41:59+00:00\",\"description\":\"SAP Single Sign-On 3.0 has a lot of new features to help organizations reduce effort and risk involved in implementing and maintaining a secure single...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2017\\\/10\\\/sap-security-blog-sso.jpg\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2017\\\/10\\\/sap-security-blog-sso.jpg\",\"width\":964,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/xiting.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/\",\"name\":\"Xiting\",\"description\":\"Your Expert for SAP Security\",\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xiting.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\",\"name\":\"Xiting\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/xiting-logo.svg\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/xiting-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Xiting\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XitingAG\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/1345129\\\/\",\"https:\\\/\\\/www.instagram.com\\\/xiting.global\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/person\\\/3c32c7de1132d012e263720a9f3300a2\",\"name\":\"Carsten Olt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g\",\"caption\":\"Carsten Olt\"},\"description\":\"Carsten Olt has been working as a Managing SAP Security Consultant since 2016, responsible for Secure Authentication &amp; SSO and SAP Cloud Security Services at Xiting in Germany. As a member of the IAM team, he is also a team leader who conveys the company's goals and strategies to employees and has organizational responsibility. With a security-minded approach, Carsten has international project and IT security experience in many industries. He has been working in IT-Security since 2001, specializing in SAP security since 2010. He is a subject matter expert for SAP Single Sign-On 3.0 and a trainer for the WDESSO course. His current focus is on supporting customers in solving authentication and security challenges within hybrid SAP landscapes, as well as designing and implementing holistic authentication concepts. Carsten is an ISACA CISA and a former MCP and RHCE with an ISP background, and he looks at security from different angles. He also translates between SAP and IT security vocabulary. Carsten has in-depth experience in multi-vendor architectures and MSFT\\\/Azure components, dealing with all the requirements concerning SAML 2.0, OAuth, OpenID Connect, SCIM, X.509 CBA &amp; PKI, MFA, SAP SSO, and Secure Network Communications, Kerberos\\\/SPNEGO, data security and encryption, as well as digital signatures. Carsten is experienced in SAP on-premises components such as S\\\/4HANA, ABAP, and Java, as well as security solutions like SSO 3.0. Since 2019, he has focused on SAP-Cloudified environments, specifically the SAP Cloud Identity Services and SAP BTP, as well as SaaS integrations concerning IAM. He deals with hybrid SAP security in conjunction with Azure Active Directory, ADDS, ADFS, ADCS, Reverse Proxies\\\/WAF, SAP Web Dispatcher, SAP Cloud Connector, third-party products, and infrastructure components.\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/jsterr@xiting.de\"],\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/author\\\/carsten-olt\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk - Xiting","description":"SAP Single Sign-On 3.0 has a lot of new features to help organizations reduce effort and risk involved in implementing and maintaining a secure single...","robots":{"index":"noindex","follow":"nofollow"},"og_locale":"en_US","og_type":"article","og_title":"SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk","og_description":"SAP Single Sign-On 3.0 has a lot of new features to help organizations reduce effort and risk involved in implementing and maintaining a secure single","og_url":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/","og_site_name":"Xiting","article_publisher":"https:\/\/www.facebook.com\/XitingAG","article_published_time":"2016-11-17T07:27:43+00:00","article_modified_time":"2025-10-01T08:41:59+00:00","og_image":[{"width":964,"height":600,"url":"https:\/\/xiting.com\/wp-content\/uploads\/2017\/10\/sap-security-blog-sso.jpg","type":"image\/jpeg"}],"author":"Carsten Olt","twitter_card":"summary_large_image","twitter_creator":"@jsterr@xiting.de","twitter_misc":{"Written by":"Carsten Olt","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/#article","isPartOf":{"@id":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/"},"author":{"name":"Carsten Olt","@id":"https:\/\/xiting.com\/en\/#\/schema\/person\/3c32c7de1132d012e263720a9f3300a2"},"headline":"SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk","datePublished":"2016-11-17T07:27:43+00:00","dateModified":"2025-10-01T08:41:59+00:00","mainEntityOfPage":{"@id":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/"},"wordCount":1197,"publisher":{"@id":"https:\/\/xiting.com\/en\/#organization"},"image":{"@id":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2017\/10\/sap-security-blog-sso.jpg","keywords":["SAP Single Sign-On","SAP SSO"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/","url":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/","name":"SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk - Xiting","isPartOf":{"@id":"https:\/\/xiting.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/#primaryimage"},"image":{"@id":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2017\/10\/sap-security-blog-sso.jpg","datePublished":"2016-11-17T07:27:43+00:00","dateModified":"2025-10-01T08:41:59+00:00","description":"SAP Single Sign-On 3.0 has a lot of new features to help organizations reduce effort and risk involved in implementing and maintaining a secure single...","breadcrumb":{"@id":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/#primaryimage","url":"https:\/\/xiting.com\/wp-content\/uploads\/2017\/10\/sap-security-blog-sso.jpg","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2017\/10\/sap-security-blog-sso.jpg","width":964,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/xiting.com\/en\/sap-single-sign-on-3-0-to-reduce-effort-and-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiting.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Single Sign-On 3.0\u00a0helps organizations to reduce effort and risk"}]},{"@type":"WebSite","@id":"https:\/\/xiting.com\/en\/#website","url":"https:\/\/xiting.com\/en\/","name":"Xiting","description":"Your Expert for SAP Security","publisher":{"@id":"https:\/\/xiting.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiting.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiting.com\/en\/#organization","name":"Xiting","url":"https:\/\/xiting.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiting.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/08\/xiting-logo.svg","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/08\/xiting-logo.svg","width":1,"height":1,"caption":"Xiting"},"image":{"@id":"https:\/\/xiting.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XitingAG","https:\/\/www.linkedin.com\/company\/1345129\/","https:\/\/www.instagram.com\/xiting.global\/"]},{"@type":"Person","@id":"https:\/\/xiting.com\/en\/#\/schema\/person\/3c32c7de1132d012e263720a9f3300a2","name":"Carsten Olt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g","caption":"Carsten Olt"},"description":"Carsten Olt has been working as a Managing SAP Security Consultant since 2016, responsible for Secure Authentication &amp; SSO and SAP Cloud Security Services at Xiting in Germany. As a member of the IAM team, he is also a team leader who conveys the company's goals and strategies to employees and has organizational responsibility. With a security-minded approach, Carsten has international project and IT security experience in many industries. He has been working in IT-Security since 2001, specializing in SAP security since 2010. He is a subject matter expert for SAP Single Sign-On 3.0 and a trainer for the WDESSO course. His current focus is on supporting customers in solving authentication and security challenges within hybrid SAP landscapes, as well as designing and implementing holistic authentication concepts. Carsten is an ISACA CISA and a former MCP and RHCE with an ISP background, and he looks at security from different angles. He also translates between SAP and IT security vocabulary. Carsten has in-depth experience in multi-vendor architectures and MSFT\/Azure components, dealing with all the requirements concerning SAML 2.0, OAuth, OpenID Connect, SCIM, X.509 CBA &amp; PKI, MFA, SAP SSO, and Secure Network Communications, Kerberos\/SPNEGO, data security and encryption, as well as digital signatures. Carsten is experienced in SAP on-premises components such as S\/4HANA, ABAP, and Java, as well as security solutions like SSO 3.0. Since 2019, he has focused on SAP-Cloudified environments, specifically the SAP Cloud Identity Services and SAP BTP, as well as SaaS integrations concerning IAM. He deals with hybrid SAP security in conjunction with Azure Active Directory, ADDS, ADFS, ADCS, Reverse Proxies\/WAF, SAP Web Dispatcher, SAP Cloud Connector, third-party products, and infrastructure components.","sameAs":["https:\/\/x.com\/jsterr@xiting.de"],"url":"https:\/\/xiting.com\/en\/author\/carsten-olt\/"}]}},"_links":{"self":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts\/1435","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/comments?post=1435"}],"version-history":[{"count":1,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts\/1435\/revisions"}],"predecessor-version":[{"id":9499,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts\/1435\/revisions\/9499"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/media\/9462"}],"wp:attachment":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/media?parent=1435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/categories?post=1435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/tags?post=1435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}