Single Sign-On for SAP GUI – Enterprise Security Overview
With SAP Secure Login Service for SAP GUI and SAP Single Sign-On you can implement powerful security measures for your business-critical applications that can help you to improve your corporate security.
Multi-Factor Authentication
With multi-factor authentication you can implement a strong form of authentication for business-critical applications. Authentication is based on multiple means of identification: for example, knowledge of a password and possession of a physical device, such as a mobile phone.
With SAP Secure Login Service for SAP GUI, you can use multi-factor authentication by leveraging the capabilities of SAP Cloud Identity Services - Identity Authentication or a third-party identity provider.
SAP Single Sign-On supports multi-factor authentication via time-based one-time passwords (TOTP) generated by the SAP Authenticator mobile app. Alternatively, out-of-band transport of tokens, including one-time passwords sent via SMS or email or RSA/RADIUS, are supported.
Certificate Lifecycle Management
SAP Single Sign-On supports automated renewal of X.509 certificates for SAP NetWeaver Application Server ABAP and SAP NetWeaver Application Server Java, using the on-premise Secure Login Server. This significantly reduces manual effort, eliminates the risks of human errors, and prevents costly system downtime.
An automated central roll-out of trusted root certificates facilitates the transition from self-signed certificates to a PKI-based approach. In addition, the on-premise Secure Login Server can act as Registration Authority of an existing enterprise PKI.
- Certificate Lifecycle Management Using Secure Login Server
- Configuring Certificate Lifecycle Management (Blog)
- Configuration Video (Part 1)
- Configuration Video (Part 2)
- SAP Note 2194174: Certificate Lifecycle Management with Secure Login Server – ABAP Reports
- Automated Certificate Lifecycle Management for SAP HANA