Single Sign-On for SAP GUI – Enterprise Security Overview

With SAP Secure Login Service for SAP GUI and SAP Single Sign-On you can implement powerful security measures for your business-critical applications that can help you to improve your corporate security.

Multi-Factor Authentication

With multi-factor authentication you can implement a strong form of authentication for business-critical applications. Authentication is based on multiple means of identification: for example, knowledge of a password and possession of a physical device, such as a mobile phone.

With SAP Secure Login Service for SAP GUI, you can use multi-factor authentication by leveraging the capabilities of SAP Cloud Identity Services - Identity Authentication or a third-party identity provider.

SAP Single Sign-On supports multi-factor authentication via time-based one-time passwords (TOTP) generated by the SAP Authenticator mobile app. Alternatively, out-of-band transport of tokens, including one-time passwords sent via SMS or email or RSA/RADIUS, are supported.

Certificate Lifecycle Management

SAP Single Sign-On supports automated renewal of X.509 certificates for SAP NetWeaver Application Server ABAP and SAP NetWeaver Application Server Java, using the on-premise Secure Login Server. This significantly reduces manual effort, eliminates the risks of human errors, and prevents costly system downtime.

An automated central roll-out of trusted root certificates facilitates the transition from self-signed certificates to a PKI-based approach. In addition, the on-premise Secure Login Server can act as Registration Authority of an existing enterprise PKI.