Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Microsoft Active Directory Integration

former_member397702
Discoverer

on ‎2015 Jun 06 11:44 PM

0 Likes
2,933


Hi experts

We have two issue for our customer:

1-Integration of SAP User Administration into Microsoft Active Directory: Our customer wants to synchronize their SAP users and passwords with Microsoft Active Directory but they dont want to use Single Sign-on.

2-Creating and Synchronize Users in Active Directory from Employee Data Stored in SAP HR

We found two document related with this issue but their version is very old. Is there any new version of this document or we have to use different technology (for example Netweaver Identity Management)?

Related links are:

Best Regards....

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
hynek_petrak
Active Participant
‎2015 Jul 21 9:33 PM
0 Likes

Hi Hande,

I can imagine implementing a password hook on your domain controller: PasswordChangeNotify callback function (Windows)

which would then update the SAP password for a user on all defined SAP instances via RFC call to BAPI_USER_CHANGE.

All the above would require some 200-300 lines of code, however from a security standpoint, I strongly discourage you of implementing that. Your active directory passwords are safe as long as you keep them on the domain controller and you do not touch them. Any attempt like above leads to compromise of user credentials.

Either keep the authentication separate or go for SSO. Do not synchronize the passwords.

Hynek

Show replies
Show replies
Ask a Question