on 07-25-2017 1:18 PM
Dear Folks,
I would like to seek your help to clarify an implementation for AD to SAP authentication and user management.
First of all, here is the landscape overview:
1. SuccessFactors on cloud
2. S/4 HANA on premise
3. Windows AD
The requirements are:
1. automate the creation of user in S/4 HANA ABAP system (e.g. synchronize the user account from AD to SAP)
--> I think it can be done by setup of the LDAP connector within S/4 and a synchronize job, right?
2. synchronize the password of AD and SAP user account (most likely AD to SAP)
--> I did some research before and now also, seems it is still not feasible, right?
3. allow user to login S/4 via SAPGUI by inputting AD user name & password
--> Feasible? How to do so and what additional server/product/component required?
4. allow user to login S/4 via Web Browser by inputting AD user name & password
--> it should work with MS ADFS + SAML configuration in S/4, right?
--> also can make use of webdispatcher to let user to login from Internet, right?
Please kindly advise...many thanks!
Regards
Gary
Hi Gary,
there are two products you should look into: SAP Identity Management and SAP Single Sign-On.
1. Take a look at the SAP Identity Management solution, which centralizes user management across SAP and non-SAP systems in your landscape: https://www.sap.com/community/topic/identity-management.html
2. Use SAP Single Sign-On. You can re-use your Windows logon to get SSO. Kerberos might be the best technology for you to look into: https://blogs.sap.com/2017/07/27/sap-single-sign-on-authenticate-with-kerberosspnego/
3. Yes, see previous answer
4. With SAP Single Sign-On
The Web Dispatcher can act as a reverse proxy and allows you to access on-premise systems from the Web, see https://wiki.wdf.sap.corp/wiki/download/attachments/841582500/WebDispatcherOverview-External.pdf?ver...
Kind regards
Regine
Dear Regine,
I understand SAP SSO can fulfill certain scenarios but I still wonder if it can really help in my case.
My requirement is that the user MUST input the "Windows AD user name & password" to log in to the SAP system (by means of both browser (to support webgui/fiori) & SAP GUI).
I read a lot of info and demos about the SAP SSO product; they do not talk about this case exactly.
And I think you mentioned "re-use your Windows logon to get SSO" = when the user clicks on a logon entry in SAP GUI it will log on without any prompt for login/pw, am I right? If yes, it cannot help and meet my customer requirement.
May I ask for your help to confirm if the solution is available from SAP?
Thanks much for your help.
Regards
Gary