Welcome to a new article of our \u201cInsider Tips\u201d series. If you are a loyal reader of our blog, you already know the benefits of Single Sign-On for SAP. SAP\u2019s standard login procedures are insecure and not user-friendly. In our previous articles, we talked about how to achieve secure DIAG, RFC, and HTTP communication by using state-of-the-art end-to-end encryption. On top of that, I recommended replacing the existing authentication method with a more secure and token-based approach. That is what SSO is all about.<\/p>\n
In volume #3 we talk about what SSO means for your SAP passwords, and answer the following questions: Do you still need passwords after implementing SSO? Or can you get rid of them completely? What are the best ways for handling SAP passwords after introducing Single Sign-On?<\/p>\n
Access to IT systems must be restricted and controlled. That is the reason why we have authorization concepts. But before authorizations kick in, users have to authenticate first<\/span>. That can occur against the target system, or even better, against a central trust repository. One of the issues in today\u2019s IT landscape is identity and authentication. And chances are, it will stay like that until quantum computers, artificial intelligence, and the blockchain rule the world \ud83d\ude42<\/p>\n Protecting your identity and credentials is more significant nowadays than it ever was. That is especially true for SAP systems. Still, more than a half of all successful data breaches are caused by weak, default, leaked or stolen passwords.<\/p>\n SSO often relies on a central repository, such as Active Directory, for user authentication. As a result, users enjoy transparent access to all SAP applications, after having authenticated against Active Directory as part of the login to their computer. Gone are the days, when users had to memorize dozens of passwords for different systems or change them frequently. Gone are the days when SAP passwords were transmitted over the network in clear text. Instead, both user productivity and the overall security were improved, thanks to the reduced number of passwords.<\/p>\n An additional benefit of hooking SSO up to a central user repository is the ability to quickly lock users out of all SAP systems, for example, if the user leaves the company.<\/p>\n Hint: <\/strong>By removing passwords as part of a SSO implementation, previously vulnerable password hashes can no longer be used by attackers to gain unauthorized access to SAP systems. Instead, attackers would have to penetrate your Active Directory infrastructure, if that is the central user repository for SAP. That is often more difficult than attacking individual SAP systems.<\/p><\/blockquote>\n Stay tuned for volume #4 of Xiting\u2019s Insider Tips for SAP Single Sign-On!<\/p>\n Welcome to a new article of our \u201cInsider Tips\u201d series. If you are a loyal reader of our blog, you already know the benefits of Single Sign-On for SAP. SAP\u2019s standard login procedures are insecure and not user-friendly. In our previous articles, we talked about how to achieve secure DIAG, RFC, and HTTP communication by […]<\/p>\n","protected":false},"author":9,"featured_media":9462,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[1835],"tags":[],"class_list":["post-2427","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"acf":[],"yoast_head":"\nSeven rules of increasing your password security while using Single Sign-On<\/h2>\n
\n