SAP Single Sign-On Overview Presentation
Post on 02-Jun-2018
TRANSCRIPT
-
8/11/2019 SAP Single Sign-On Overview Presentation
SAP Single Sign-On 2.0
Overview Presentation
June 2014
-
2014 SAP AG or an SAP affiliate company. All rights reserved.
Legal disclaimer
This presentation is not subject to your license agreement or any other agreement with SAP. SAP h
no obligation to pursue any course of business outlined in this presentation or to develop or releas
any functionality mentioned in this presentation. This presentation and SAP's strategy and possibl
future developments are subject to change and may be changed by SAP at any time for any reason
without notice. This document is provided without a warranty of any kind, either express or impli
including but not limited to, the implied warranties of merchantability, fitness for a particular purp
non-infringement. SAP assumes no responsibility for errors or omissions in this document, except
such damages were caused by SAP intentionally or grossly negligent.
-
Agenda
SAP Portfolio
Overview SAP Single Sign-On
Single Sign-On Scenarios
Architecture
What's New in Support Package 03
Recommendations
Summary
-
SAP Identity and Access Management Solutions
Simplify and secure access
SAP Single Sign-On
Manage identities and permissions
SAP Identity Management
Identify a
SAP Acc
Compliant Identity and Access Management
-
Overview SAP Single Sign-On
-
Authenticate once and subsequently access SAP annon-SAP applications in a secure and user-friend
Meet company and regulatory requirements.
Improve security measures and protect your comp
SAP Single Sign-On: What is it about?
-
SAP Single Sign-On Benefits
Security
Reduce Co
Simplicity
-
SAP Single Sign-On Benefits in Detail
Solve security and compliance issues caused by
Re-use of passwords
Password patterns
Trivial passwords
Passwords on post-it notes
Leaked passwords
Solve productivity issues caused by
Large number of manual logins
Forgotten passwords
Help desk calls
Only one secure (!) pto remember
Only one password tand protect
Automated login whwork
-
Single Sign-On Scenarios
-
Business User Expectations
SAP GUI
SAP NetWeaver Business Client
Web Browser
SAP Business Explorer
Easy and secure access
-
SAP Single Sign-On 2.0: Key Capabilities
Single sign-on for SAP and non-SAP applications
Support of proprietary SAP clients (e.g. SAP GUI)
Secure network communication (SNC)
SSO for cloud-based applications
Based on standards like X.509 certificates, SPNEGO, Kerberos, SAML
[Figure: SAP Single Sign-On diagram; labels truncated in the source]
-
SAP Business Suite: Single Sign-On Based on Kerberos / SPNEGO
SAP B
SecureSecureSPNE
MicroDirect
Token
SPNEavailaSAP Nreleas
SAP Business Suite
SAP NetWeaver
SAP client (native)
Web client
-
SAP and Non-SAP Applications: Single Sign-On Based on X.509 Certificates
SAP aSAP a
SecurSecurSecur
MicroDirecother
Token
certifi
This omost clientRecomheterointran
SAP Business Suite
SAP NetWeaver
Non-SAP
Legacy systems
SAP client (native)
Web client
-
Cloud and Cross-Company: Single Sign-On and Identity Federation Based on SAML
SAP aapplic
SAMLprovid
MicroDirectother
Token
SAMLstandaapplicapplicto supstandaRecomextranpartne
SAP / non-SAP Web applications
Cloud applications
Web client
Web client
-
Secure Storage of Remaining Passwords: Password Manager
SAP aSAP a
Passw
Stand-
Basedand pa
Secureremainin a loProvidcapturcreden
-
Architecture
-
SAP Single Sign-On Components
Secure Login Client
Client application
Manages security tokens (Kerberos tokens, X.509 certificates)
Secure Login Server
Central service on SAP NetWeaver AS Java
Provides X.509 certificates to users and application servers
Secure Login Library
Cryptography and security library for SAP NetWeaver AS ABAP
Identity Provider
Central service on SAP NetWeaver AS Java
Provides SAML 2.0 assertions for Web-based SSO
-
Single Sign-On Based on Kerberos / SPNEGO
[Figure labels: User Desktop; Client; Start SAP GUI or Browser; Windows Authentication; Kerberos Token; Single Sign-On and Secure Communication; DIAG, RFC (SNC); HTTPS (SPNEGO); Microsoft Active Directory (AD); SAP GUI / NWBC / Browser; Secure Login Client; Secure Login Library; SAP NetWeaver AS ABAP; SAP NetWeaver AS Java (NW AS JAVA); steps numbered 1 to 3]
In a Nutshel
Relies on I Authenticati
Kerberos Secreated by MDirectory (A
No additionlow TCO
SAP backen
the AD SPNEGO re
version 7.02
Kerberos/SPsupported b
AS Java, HA
-
Single Sign-On Based on X.509 Certificates
[Figure labels: User Desktop; Client; Sign into Secure Login Client profile; Authenticate; Provide X.509 Certificate; Verify User Credentials; Single Sign-On and Secure Communication; DIAG, RFC (SNC); HTTPS; SAP GUI / NWBC / Browser; Secure Login Client; Secure Login Server (SLS); Secure Login Library; SAP NetWeaver AS ABAP; SAP NetWeaver AS Java (NW AS JAVA); Authentication Server; steps numbered 1 to 6]
In a Nutshe
Relies on Xvery maturtoken
CertificateLogin Serv
SLS providcertificatesrevocation
Multiple wverification
ABAP, UM
Support foalso for legparty Web
Secure Log AS Java
-
Single Sign-On Based on SAML
[Figure labels: User Desktop; Client; Browser; Authenticate; Return SAML Assertion; Verify User Credentials; Single Sign-On and Secure Communication; HTTPS; Identity Provider (IDP); Service Provider (SP); SAP NetWeaver AS Java (NW AS JAVA); Authentication Server; steps numbered 1 to 5]
In a Nutshe
Relies on SMarkup Laassertions
Industry stand cross-c
Assertions Provider, r
Authentica
IDP or SP Multiple w
credential v(SPNEGO
ABAP, UM
-
What's New in Support Package 03
-
Two-Factor Authentication with SAP Authenticator
Two-Factor Authentication
Authentication with One-Time Passwords (OTP)
Provide two means of identification
OTP required for login in addition to password or security token
Second factor for high security scenarios
Based on SAP Authenticator iOS Application
OTP (6-digit code) created on mobile device
Usage Scenarios
Integrated with Secure Login Server (X.509) and Identity Provider (SAML)
Administrator configures SAP NetWeaver AS Java system to require two-factor authentication
For Web and SAP GUI scenarios
-
SSO for SAP GUI for Java on Mac OS X
Secure Login Client for Mac Client Computers
Mac OS X 10.7 or higher
Usage Scenarios
Kerberos-based authentication
X.509 certificates
For SAP GUI scenarios
-
RFID-Based User Identification
Identify Users with RFID Token (Radio Frequency Identification)
Only privileged persons have physical access
Instant user identification with RFID token
Based on X.509 certificates
Usage Scenarios
Warehouse and production scenarios
Kiosk/terminal computers
-
Hardware Security Module Support
Hardware Security Module Support for Digital Signatures
Store Private Keys in Hardware
Protect Secure Login Server Certificate Authority
Protect private keys for digital signatures (Secure Store and Forward, SSF)
Performance acceleration
SafeNet
Thales
-
Recommendations
-
Recommendations
Identify the most critical systems. Which systems contain your most sensitive business information? How many people have access to them? Define your overall single sign-on strategy and start with these critical business systems.
Understand the different modules of SAP Single Sign-On and analyze your system landscape to determine which SSO standards can be used. If your organization does not have the appropriate resources and know-how, involve SAP Consulting or SAP partners.
Passwords are often the weakest link in enterprises. Prevent the usage of passwords by relying on standards such as SAML, X.509 certificates, or Kerberos. SAP Single Sign-On offers solutions for all of these standards.
Once you have implemented single sign-on, start enforcing strong passwords in the related systems. Mid-term strategy: Consider disabling user name/password authentication in critical business systems.
Provide a tool to store remaining passwords (such as the Password Manager component of SAP Single Sign-On).
-
Summary
-
Summary
SAP Single Sign-On is a Single Sign-On Suite that supports SAP as well as non-SAP applications.
It offers
Investment protection
Flexibility
Single sign-on for heterogeneous system landscapes
What are the main business drivers?
Protect business, reputation and trust
Lower password related costs
Simplicity and agility
-
Get More Information
Get more information, videos and updates: http://scn.sap.com/community/sso
Community Network
http://scn.sap.com/community/sso
http://scn.sap.com/docs/DOC-26724
-
Thank you
Contact information:
Product Management
SAP AG
-
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG (or an SAP affiliate
company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark i
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP AG or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP AG o
affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP AG or SAP affiliate company products and s
are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an
additional warranty.
In particular, SAP AG or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to devel
release any functionality mentioned therein. This document, or any related presentation, and SAP AG's or its affiliated companies' strategy and possible future
developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP AG or its affiliated companies at any time
any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forw
looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to plac
undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.