This is about SAP single sign-on.
SAP single sign-on lets users access both SAP and non-SAP applications with the same username and password.
Learn what SAP single sign-on is in detail and its benefits.
Let’s get started!
What Is SAP Single Sign-On?
SAP SSO (Single Sign-On) is a software product that enables users to access SAP and non-SAP applications using a single user ID and password.
SAP single sign-on was created by Secude. SAP acquired the single sign-on technology and other assets from Secude in 2011, after Secude had been an SAP technology partner for 15 years.
Generally speaking, single sign-on is a way to log into an application.
SSO is an authentication method that lets a user log into several related but independent software systems with a single ID and password.
The opposite of a single sign-on is to have one user ID and one password for each system.
SSO coordinates the authentication process between different systems and applications through the use of shared authentication servers. It combines this with techniques that spare users from entering their credentials more than once.
True single sign-on allows users to log in only once and then access services without having to put in their credentials again.
The following are the benefits of single sign-on in general:
- Reduce time spent re-entering the same passwords.
- Reduce password fatigue from using different usernames and passwords.
- Reduce the risk of accessing third-party sites, since no passwords are stored or managed externally.
- Reduce IT costs because of fewer calls to IT help desks about passwords.
SAP Single Sign-on Benefits
According to SAP, SAP single sign-on provides benefits in terms of:
- IT efficiency: SAP SSO increases IT efficiency since you don’t have to set up, update, and reset passwords for different systems or manage password policies.
- Security: SAP SSO increases enterprise security because it uses advanced authentication and encryption technologies and since all passwords are kept in one central, secure repository.
- Cost lowering: SAP SSO reduces costs and maximizes efficiency by cutting down on the number of support calls related to passwords. Additionally, it reduces the need for manual password resets.
SAP Single Sign-on Features
According to SAP, SAP single sign-on works for SAP applications as well as non-SAP applications.
SAP single sign-on is based on open standard security technologies, including:
- Kerberos: Kerberos is an authentication protocol for computer networks; it uses tickets to allow computers to communicate on insecure networks and securely prove their identity to one another.
The protocol is named for the Greek mythological character Kerberos, a vicious three-headed dog of Hades. It was designed for client-server use, and it offers mutual authentication: the client and the server verify each other’s identity.
- SAML (Security Assertion Markup Language): SAML is a means to exchange authentication and authorization data between parties, primarily between a service provider and an identity provider.
SAML is an XML markup language used for security assertions. Security assertions are statements for service providers to decide on access control.
- X.509 digital certificates: X.509 defines the format for public key certificates. X.509 certificates form the basis of many Internet protocols, including HTTPS.
HTTPS is the secure internet protocol for browsing the web.
An X.509 certificate can also be used in offline applications, such as electronic signatures.
X.509 certificates contain a public key and an identifier such as the host name, an organization, or an individual. They are either self-signed or signed by a certificate authority.
Features that are specific to SAP SSO are:
- Encryption-only mode: A mode that uses SNC (Secure Network Communication) and works with SAP systems even when user-specific security tokens are absent or not configured.
- Life cycle management: Automated life cycle management of certificates for SAP ABAP NetWeaver Application Server, reducing manual effort, downtime, and human error in renewal.
- Secure mobile access: A secure login server that allows provisioning of X.509 certificates for mobile devices.
- PFS (Perfect Forward Secrecy): Support for PFS in SNC communication, which reduces the chance that compromised keys let attackers decrypt previously recorded session data.
- PKI integration: Integration with existing PKI (Public Key Infrastructure) implementations by allowing the use of a single PKI implementation in the company if there is already one.
- Secure web access: Secure login web client enables businesses to run processes in a browser, either on premises or in the cloud.