Upload
anonymous-8fcylm
View
223
Download
0
Embed Size (px)
Citation preview
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 1/26
SAP NetWeaver Single Sign-On 2.0
Overview Presentation
March 2013Product/Solution Management
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 2/26
© 2013 SAP AG. All rights reserved. 2
Agenda
SAP Portfolio
Overview SAP NetWeaver Single Sign-On
Single Sign-On Approach
Recommendations
Summary
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 3/26
SAP Portfolio
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 4/26
© 2013 SAP AG. All rights reserved. 4
Simple and secure
access
SAP NetWeaver
Single Sign-On
Manage identities
and permissions
SAP NetWeaver
Identity Management
Identify and mit igate
risks
SAP Access Control
Compliant Identity and Access Management
SAP Security Solut ions
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 5/26
© 2013 SAP AG. All rights reserved. 5
SAP Security Solutions
Simple and secure
access
SAP NetWeaver
Single Sign-On
Manage identit ies
and permissions
SAP NetWeaver
Identity Management
Identify and mit igate
risks
SAP Access Control
Compliant Identity and Access Management
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 6/26
Overview
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 7/26
© 2013 SAP AG. All rights reserved. 7
SAP NetWeaver Single Sign-OnWhat is it about?
Authenticate once and subsequently access SAP
and non-SAP applications in a secure and user-
friendly way.
Meet company and regulatory requirements.
Improve security measures and protect your
company.
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 8/26© 2013 SAP AG. All rights reserved. 8
Access-Related Challenges
cybercrime
protect trust and reputationcompetitive information
on premise to cloud integration
heterogeneous system landscape
partner integration
meet regulatory requirements
complex access processes for IT applications
employees have to remember too many passwords
unsecure storage of passwordshigh IT costs incurred by password resets
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 9/26© 2013 SAP AG. All rights reserved. 9
Solution
Agility
Security
Simplicity
Cost
efficiency
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 10/26
Single Sign-On Approach
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 11/26© 2013 SAP AG. All rights reserved. 11
Business User Expectations
SAP GUISAP NWBC
Web browser
SAP Business
Explorer
…
Easy and secure access
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 12/26© 2013 SAP AG. All rights reserved. 12
The Single Sign-On Suite Approach
Single sign-on via
Kerberos/SPNEGO
Single sign-on with X.509
certificates out-of-the-box
Web single sign-on with SAML
Password Manager
SAP NetWeaver Single Sign-On
Your system landscape and business
requirements are changing?
You have a heterogeneous system landscape?
You want to protect your investment?
You’re planning on starting with a smaller
scope, but flexibility for potential expansion is
important?
You are looking for a solution that supports
your long-term strategy?
SAP NetWeaver Single Sign-On provides a
complete “ suite” of authentication methods
bundled in a single product.
Secure Network Communication
(SNC)
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 13/26© 2013 SAP AG. All rights reserved. 13
Data Protection and SAP NetWeaver Single Sign-On
System
landscape
SAP GUI (SNC)
Web Browser (SSL)
The SAP NetWeaver platform already provides many security related capabilities.
SAP NetWeaver Single Sign-On simplifies and enhances these capabilities.
• Encryption of the network communication of SAP GUI on various operation systems
• Providing SSL certificates
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 14/26© 2013 SAP AG. All rights reserved. 14
Cloud and
cross-company
SAP and non-SAP
applications
SAP
Business Suite
Single Sign-On Strategy
S A P N
e t W e a v e r S i n g l e
S i g n - O n
optional PKI out-of-the-boxidentity federation
single sign-on across company boundaries
S A M L
Kerberos
Password manager
X.509 certificates
LDAP, RADIUS
Enterprise single sign-on (E-SSO)
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 15/26© 2013 SAP AG. All rights reserved. 15
SAP Business SuiteSingle sign-on based on Kerberos
SAP Business Suite
Secure Login Client
Secure Login Library
SPNego for ABAP
Microsoft Active
Directory
Token: Kerberos
SPNEGO only
available in newer
SAP NetWeaver
releases
SAP Business Suite
SAP NetWeaver
SAP client (native)
Web client
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 16/26© 2013 SAP AG. All rights reserved. 16
SAP and Non-SAP ApplicationsSingle sign-on based on X.509 certificates
SAP and non-SAP
applications
Secure Login Client
Secure Login Server
Secure Login Library
Microsoft Active
Directory, LDAP,
other login modules
Token: X.509
certificate
This option supports
most platforms and
clients.
Recommended for
heterogeneous andintranet scenarios
SAP Business Suite
SAP NetWeaver
Non-SAPLegacy systems
SAP client (native)
Web client
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 17/26© 2013 SAP AG. All rights reserved. 17
Cloud and Cross-CompanySingle sign-on and identity federation based on SAML
SAP and non-SAP
applications
SAML identity
provider
Microsoft Active
Directory, LDAP,
other login modules
Token: SAML
SAML is a public
standard for Web
applications. The
application server
has to support thestandard.
Recommended for
extranet scenarios,
partner integration
SAP / non-SAP Web
applications
Cloud applications
Web client
Web client
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 18/26© 2013 SAP AG. All rights reserved. 18
Secure Storage of Remaining PasswordsPassword Manager
SAP and non-SAP
applications
Password Manager
Stand-alone
Based on user name
and password
Secure storage of
remaining passwords
in a local client.
Provides automatic
capture of logincredentials
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 19/26
© 2013 SAP AG. All rights reserved. 19
Extensible Technology – Ready for the Future
Cloud and
cross-company
SAP and non-SAP
applications
SAP
Business Suite
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 20/26
Recommendations
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 21/26
© 2013 SAP AG. All rights reserved. 21
Recommendations
Identify the most critical systems. Which systems contain your most sensitive business
information? How many people have access to them? Define your overall single sign-on strategy
and start with these critical business systems.
Understand the different modules of SAP NetWeaver Single Sign-On and analyze your system
landscape to determine which SSO standards can be used. If your organization does not have the
appropriate resources and know-how, involve SAP Consulting or SAP partners.
Passwords are often the weakest link in enterprises. Prevent the usage of password by relying on
standards such as SAML, X.509 certificates, or Kerberos. SAP NetWeaver Single Sign-On offers
solutions for all of these standards.
Once you have implemented single sign-on, start enforcing strong passwords in the related
systems. Mid-term strategy: Consider disabling user name/password authentication in critical
business systems.
Provide a tool to store remaining passwords (such as the Password Manager component of SAP
NetWeaver Single Sign-On).
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 22/26
Summary
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 23/26
© 2013 SAP AG. All rights reserved. 23
Summary
SAP NetWeaver Single Sign-On is a “ Single Sign-On Suite” that supports SAP aswell as non-SAP applications.
It offers:
• Investment protection
• Flexibility
• Single sign-on for heterogeneous system landscapes
What are the main business drivers?
• Protect business, reputation and trust
• Lower password related costs
• Simplicity and agility
© 2013 SAP AG. All rights reserved. 23
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 24/26
© 2013 SAP AG. All rights reserved. 24
More information
Read the customer stories and the product brief on www.SAP.comhttp://www.sap.com/solutions/technology/application-foundation-security/single-sign-on/index.epx
Calculate your return on investmenthttp://scn.sap.com/community/netweaver-sso/blog/2012/11/21/figure-out-your-return-on-investment
Find detailed technical information in SAP Community Networkhttp://scn.sap.com/community/netweaver-sso
Stay up-to-date and subscribe to the SAP Product Security, IDM and SSO Newsletter https://www.sap.com/campaign/ne/newsletter/g_nl_subscription_product_security/index.epx?kNtBzmUK9zU
Try it out - request a free test license from your SAP account manager today!
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 25/26
Thank you
Contact information:
Solution Management
SAP AG
8/10/2019 SAPNW SSO Overview Presentation
http://slidepdf.com/reader/full/sapnw-sso-overview-presentation 26/26
© 2013 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG.The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or
warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group
products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing
herein should be construed as constituting an additional warranty.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in
Germany and other countries.
Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.