SAPNW SSO Overview Presentation

8/10/2019 SAPNW SSO Overview Presentation

http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 1/26

SAP NetWeaver Single Sign-On 2.0

Overview Presentation

March 2013Product/Solution Management



© 2013 SAP AG. All rights reserved. 2

Agenda

SAP Portfolio

Overview SAP NetWeaver Single Sign-On

Single Sign-On Approach

Recommendations

Summary



SAP Portfolio




Simple and secure

access

SAP NetWeaver

Single Sign-On

Manage identities

and permissions

SAP NetWeaver

Identity Management

Identify and mit igate

risks

SAP Access Control

Compliant Identity and Access Management

SAP Security Solut ions




SAP Security Solutions

Simple and secure

access

SAP NetWeaver

Single Sign-On

Manage identit ies

and permissions

SAP NetWeaver

Identity Management

Identify and mit igate

risks

SAP Access Control

Compliant Identity and Access Management



Overview




SAP NetWeaver Single Sign-OnWhat is it about?

Authenticate once and subsequently access SAP

and non-SAP applications in a secure and user-

friendly way.

Meet company and regulatory requirements.

Improve security measures and protect your

company.


http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 8/26© 2013 SAP AG. All rights reserved. 8

Access-Related Challenges

cybercrime

protect trust and reputationcompetitive information

on premise to cloud integration

heterogeneous system landscape

partner integration

meet regulatory requirements

complex access processes for IT applications

employees have to remember too many passwords

unsecure storage of passwordshigh IT costs incurred by password resets



Solution

Agility

Security

Simplicity

Cost

efficiency



Single Sign-On Approach



Business User Expectations

SAP GUISAP NWBC

Web browser

SAP Business

Explorer

…

Easy and secure access



The Single Sign-On Suite Approach

Single sign-on via

Kerberos/SPNEGO

Single sign-on with X.509

certificates out-of-the-box

Web single sign-on with SAML

Password Manager

SAP NetWeaver Single Sign-On

Your system landscape and business

requirements are changing?

You have a heterogeneous system landscape?

You want to protect your investment?

You’re planning on starting with a smaller

scope, but flexibility for potential expansion is

important?

You are looking for a solution that supports

your long-term strategy?

SAP NetWeaver Single Sign-On provides a

complete “ suite” of authentication methods

bundled in a single product.

Secure Network Communication

(SNC)



Data Protection and SAP NetWeaver Single Sign-On

System

landscape

SAP GUI (SNC)

Web Browser (SSL)

The SAP NetWeaver platform already provides many security related capabilities.

SAP NetWeaver Single Sign-On simplifies and enhances these capabilities.

• Encryption of the network communication of SAP GUI on various operation systems

• Providing SSL certificates



Cloud and

cross-company

SAP and non-SAP

applications

SAP

Business Suite

Single Sign-On Strategy

S A P N

e t W e a v e r S i n g l e

S i g n - O n

optional PKI out-of-the-boxidentity federation

single sign-on across company boundaries

S A M L

Kerberos

Password manager

X.509 certificates

LDAP, RADIUS

Enterprise single sign-on (E-SSO)



SAP Business SuiteSingle sign-on based on Kerberos

SAP Business Suite

Secure Login Client

Secure Login Library

SPNego for ABAP

Microsoft Active

Directory

Token: Kerberos

SPNEGO only

available in newer

SAP NetWeaver

releases

SAP Business Suite

SAP NetWeaver

SAP client (native)

Web client



SAP and Non-SAP ApplicationsSingle sign-on based on X.509 certificates

SAP and non-SAP

applications

Secure Login Client

Secure Login Server

Secure Login Library

Microsoft Active

Directory, LDAP,

other login modules

Token: X.509

certificate

This option supports

most platforms and

clients.

Recommended for

heterogeneous andintranet scenarios

SAP Business Suite

SAP NetWeaver

Non-SAPLegacy systems

SAP client (native)

Web client



Cloud and Cross-CompanySingle sign-on and identity federation based on SAML

SAP and non-SAP

applications

SAML identity

provider

Microsoft Active

Directory, LDAP,

other login modules

Token: SAML

SAML is a public

standard for Web

applications. The

application server

has to support thestandard.

Recommended for

extranet scenarios,

partner integration

SAP / non-SAP Web

applications

Cloud applications

Web client

Web client



Secure Storage of Remaining PasswordsPassword Manager

SAP and non-SAP

applications

Password Manager

Stand-alone

Based on user name

and password

Secure storage of

remaining passwords

in a local client.

Provides automatic

capture of logincredentials




Extensible Technology – Ready for the Future

Cloud and

cross-company

SAP and non-SAP

applications

SAP

Business Suite



Recommendations




Recommendations

Identify the most critical systems. Which systems contain your most sensitive business

information? How many people have access to them? Define your overall single sign-on strategy

and start with these critical business systems.

Understand the different modules of SAP NetWeaver Single Sign-On and analyze your system

landscape to determine which SSO standards can be used. If your organization does not have the

appropriate resources and know-how, involve SAP Consulting or SAP partners.

Passwords are often the weakest link in enterprises. Prevent the usage of password by relying on

standards such as SAML, X.509 certificates, or Kerberos. SAP NetWeaver Single Sign-On offers

solutions for all of these standards.

Once you have implemented single sign-on, start enforcing strong passwords in the related

systems. Mid-term strategy: Consider disabling user name/password authentication in critical

business systems.

Provide a tool to store remaining passwords (such as the Password Manager component of SAP

NetWeaver Single Sign-On).



Summary




Summary

SAP NetWeaver Single Sign-On is a “ Single Sign-On Suite” that supports SAP aswell as non-SAP applications.

It offers:

• Investment protection

• Flexibility

• Single sign-on for heterogeneous system landscapes

What are the main business drivers?

• Protect business, reputation and trust

• Lower password related costs

• Simplicity and agility





More information

Read the customer stories and the product brief on www.SAP.comhttp://www.sap.com/solutions/technology/application-foundation-security/single-sign-on/index.epx

Calculate your return on investmenthttp://scn.sap.com/community/netweaver-sso/blog/2012/11/21/figure-out-your-return-on-investment

Find detailed technical information in SAP Community Networkhttp://scn.sap.com/community/netweaver-sso

Stay up-to-date and subscribe to the SAP Product Security, IDM and SSO Newsletter https://www.sap.com/campaign/ne/newsletter/g_nl_subscription_product_security/index.epx?kNtBzmUK9zU

Try it out - request a free test license from your SAP account manager today!



Thank you

Contact information:

Solution Management

SAP AG



© 2013 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG.The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

National product specifications may vary.

These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or

warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group

products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing

herein should be construed as constituting an additional warranty.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in

Germany and other countries.

Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.

Documents

SAPNW SSO Overview Presentation