cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD to SAP authentication and user management for SAPGUI & WebBrowser

former_member146669
Participant

on ‎07-25-2017 1:18 PM

0 Kudos

Dear Floks,

I would like to see your help to clarify an implementation for AD to SAP authentication and user management.

First of all, here is the landscape overview:

1. SuccessFactor on cloud

2. S/4 HANA premise

3. Windows AD

The requirements are:

1. automate the creation of user in S/4 HANA ABAP system (e.g. synchronize the user account from AD to SAP)

--> I think it can be done by setup of LDAP connector within S/4 and syhronize job, right?

2. synchronize the password of AD and SAP user account (most likely AD to SAP)

--> I did some research before and now also, seems it is still not feasible, right?

3. allow user to login S/4 via SAPGUI by inputting AD user name & password

--> Feasible? How to do so and what additional server/product/component required?

4. allow user to login S/4 via Web Browser by inputting AD user name & password

--> it should work with MS ADFS + SAML configuration in S/4, right?

--> also can make use of webdispatcher to let user to login from Internet, right?

Please kindly advise...many thanks!

Regards

Gary

Show replies
Show replies
Answer
View Entire Topic
RegineSchimmer
Product and Topic Expert
Product and Topic Expert
‎08-02-2017 8:58 AM
0 Kudos

Hi Gary,

there are two products you should look into: SAP Identity Management and SAP Single Sign-On.

1. Take a look at the SAP Identity Management solution, which centralizes user management across SAP and non-SAP systems in your landscape: https://www.sap.com/community/topic/identity-management.html

2. Use SAP Single Sign-On. You can re-use your Windows logon to get SSO. Kerberos might be the best technology for you to look into: https://blogs.sap.com/2017/07/27/sap-single-sign-on-authenticate-with-kerberosspnego/

3. Yes, see previous answer

4. With SAP Single Sign-On

The Web Dispatcher can act as a reverse proxy and allows you to access on-premise systems from the Web, see https://wiki.wdf.sap.corp/wiki/download/attachments/841582500/WebDispatcherOverview-External.pdf?ver...

Kind regards

Regine

Show replies
Show replies
former_member146669
Participant
‎08-14-2017 3:54 AM
0 Kudos

Dear Regine,

I understand SAP SSO can fullfill certain scenarios but I still wonder if it can really help in my case.

My requirement is user MUST inputting Windows AD user name & password" to login SAP system (by mean of both browser (to support webgui/fiori) & SAP GUI).

I read many info and demo about SAP SSO product, it do not talk about this case exactly.

And I think you mentioned "re-use your Windows logon to get SSO" = when user click on logon entry in SAP GUI it will logon without any prompt of login/pw, am I right? If yes, it cannot help and meet my customer requirment.

May I ask you help to confirm if the solution is available from SAP?

Thanks much for your help.

Regards

Gary

Ask a Question