SAP NETWEAVER SINGLE SIGN-ON
Transcription
SAP NETWEAVER SINGLE SIGN-ON
S A P N E T W E AV E R ® SINGLE SIGN-ON SAP NETWEAVER® SINGLE SIGN-ON www.secude.com ©2013 SECUDE AG SAP NETWEAVER® SINGLE SIGN-ON SAP NetWeaver Single Sign-On is a modular productivity and security solution for SAP that combines secure authentication, single sign-on and data-in-transit encryption. The challenge Access to an SAP system, whether through SAP GUI, Business Explorer (BEx) or a web browser is traditionally controlled by a username and password combination. The problem is that the average SAP user has access to more than one SAP system, resulting in a growing number of passwords for the user to remember and maintain. Additionally, data transferred between SAP GUI, BEx and back-end SAP systems is only compressed at best but not encrypted resulting in passwords and other sensitive information being exposed in cleartext. The Solution SAP NetWeaver Single Sign-On addresses all of the above issues by providing secure access to SAP systems while encrypting all data-in-transit through Secure Network Communication (SNC). Its integrated single sign-on capabilities seamlessly integrate into existing Microsoft Active Directory, LDAP or Public Key Infrastructures, among others. Use Cases SAP NetWeaver Single Sign-On can be deployed to address a wide range of use cases, including: •Encryption of SAP GUI traffic (available free of charge) •Single sign-on for SAP GUI for Windows with Kerberos •Single sign-on for SAP GUI for Windows and Smart Cards Integration •Single sign-on for SAP GUI for Windows and/or Web Applications •Web Client – Zero Footprint Client option for SAP GUI and Web Applications •Web based and Web Service based Single Sign-On via the open SAML standard •Enterprise Single Sign-On Components The solution consists of different components (some of them are optional) that can be mixed and matched to fit your exact needs and environment. The main components include: •Secure Login Client (32/64bit) •Secure Login Web Client (Java Applet for zero footprint implementation) •Secure Login Library (for ABAP servers) •Secure Login Server (optional, runs on SAP NetWeaver 7.3+) •Enterprise Single Sign-On Client FOR MORE INFORMATION PLEASE VISIT WWW.SECUDE.COM OR CONTACT US DIRECTLY Single Sign-On With single sign-on users login only once (i.e. to the operating system). All subsequent logins are handled securely and transparently by the SAP NetWeaver Single Sign-On client in the background resulting in increased user productivity and significantly reduced helpdesk calls. Strong Authentication NetWeaver Single Sign-On supports strong user authentication through integration with existing user stores, such as Active Directory, LDAP, RADIUS or SAP UME, as well as existing authentication technologies including digital certificates (X.509) and Kerberos. Enterprise Single Sign-On To extend the benefits of NetWeaver Single Sign-On to non-SAP applications, the solution includes an Enterprise Single Sign-On component that integrates virtually with any Windows, Web or Terminal application. Single sign-on is achieved by storing the users’ account credentials for all non-SAP applications in a secure container. Upon logon to an application that prompts the user to authenticate Enterprise Single Sign-On looks up the correct credentials in the secure container and automatically provides them to the application. For example, if a user starts a web-based application that demands a username and password, Enterprise Single Sign-On will recognize the application and automatically enter the details, enabling rapid and easy login. Enterprise Single Sign-On can similarly recognize terminal emulation logon dialogs, protected Microsoft Word documents, and much more. SNC Client Encryption In the web world, Transport Layer Security (TLS) is the standard method for encrypting communication channels between client and server. In the SAP world, communication between SAP GUI and ABAP servers are not encrypted. Anyone with access to the corporate network could sniff traffic in order to extract SAP passwords as well as other sensitive information. In a partnership that dates back to 1996, SAP and SECUDE have developed and implemented the Secure Network Communications (SNC) standard enabling the encryption of SAP network traffic. Enabling SNC requires each communication partner to have a cryptographic library, which can be downloaded from the SAP marketplace. FOR MORE INFORMATION PLEASE VISIT WWW.SECUDE.COM OR CONTACT US DIRECTLY info@secude.com www.secude.com Switzerland SECUDE International AG Werftestrasse 4A 6005 Luzern Tel: +41 61 366 30 00 Fax: +41 61 366 30 26 GERMANY SECUDE GmbH Rheinstrasse 97 64295 Darmstadt Tel : +49 6151 828 97 0 Fax : +49 6151 828 97 26 USA SECUDE IT Security, LLC 3331 Sundew Ct Alpharetta, GA 30005 Tel: +1 (770) 360-5530 Fax: +1 (678) 264-1538 Singapore SECUDE Singapore Pte Ltd 12 Marina Boulevard #17-01 Marina Bay Financial Centre Tower 3 Singapore 018982 Tel: +65 6809 5096 Fax: +65 6809 5001 ABOUT SECUDE SECUDE is an innovative global provider of IT data protection solutions. The company was founded in 1996 as a partnership between SAP AG and the Fraunhofer Institute in Germany. Fraunhofer is Europe’s largest application-oriented research organization. In early 2011, SECUDE sold SECUDE Application Security to SAP AG, to focus on its core competency: Endpoint Security. SECUDE helps customers protect sensitive data from loss or theft and to meet legal and industry requirements and guidelines. Since 2011, SECUDE has been part of the SAP® PartnerEdge™ Value Added Reseller program and an SAP distribution partner in Germany, Switzerland and the USA. As an SAP Value Added Reseller (VAR), SECUDE sells licenses, consulting and implementation services for the SAP NetWeaver® Single Sign-On solutions in addition to its own product portfolio. Today, SECUDE is trusted by a large number of Fortune 500 companies, including many DAX companies. Bringing together best global talent in the IT security industry, SECUDE has offices in Europe, North America and Asia. FOR MORE INFORMATION PLEASE VISIT WWW.SECUDE.COM OR CONTACT US DIRECTLY
Similar documents
Untitled
automatically enter the details, enabling rapid and easy login. Enterprise Single Sign-On can similarly recognize terminal emulation logon dialogs, protected Microsoft Word documents, and much more.
More information