SAP Security Portfolio
- Secure Access:
- Single sign on
- SAP Cloud Platform identity Authentication
- Secure Code: SAP Netweaver AS Add on for code vulnerability analysis
- Detect attacks:
- SAP Enterprise threat detection
- Manage users & Permissions
- SAP Identity management
- SAP Access Control
Secure Access
Secure helps in preventing unauthorised access to your business system which is crucial for the organisation security. They offer secure, convenient single log in for all business whether its on premise and in cloud.
Detect Attacks
With ever increasing cyber crimes SAP Threat Detection allows you to maintain your system Landscape in Real time
Benefits of Single Sign on On premise and in cloud
Security
- We can secure and authenticate our Applications and landscape with one strong password, optionally with additional factors
- This helps in Eliminating the need for password reminders on the post-it notes
- We can secure all passwords and keep them protected, in one central place
- Cost efficiency
- Efficiency gains as users now have to remember only one password
- Higher productivity can be reached due to the reduced efforts involved in manual authentication, password reset, etc.
- There will be Low TCO of running a secure landscape by management of server-side certificates
Simplicity
- It’s a Lean product which can be implemented faster phase in implementation project, quick ROI
- There will be no more need to provision, protect, and reset the passwords among many systems
- There will not be any requirement for password policies across many systems
SAP Single Sign-On for on – premise landscapes
Simple and secure access
- Provides Single sign-on for SAP desktop clients ,web applications and for mobile devices
- SAP provides Support for cloud and on-premise landscapes as well
Secure data communication
- Data Encryption is provided for communication with SAP GUI and other desktop clients
- It provides Digital signatures options
- FIPS 140-2 certification of cryptographic functions
Advanced security capabilities
- It involves in Two-factor and risk-based authentication
- Authentication can be done with smart cards or RFID tokens
- There will be Simplified lifecycle management of the server-side certificates
SAP Cloud Platform Identity Authentication service
Access protection
- The access protection option provides Identity federation and web single sign-on which is based on SAML 2.0
- It Secures the landscape integration with on-premise authentication servers
- Though its Social-, two-factor- its risk-based authentication
Manage users and access to applications
- It helps in User administration and integration of user stores with on-premise
- Extends User groups and application access management
- It is basically User self-services
- Has Password and privacy policies to be followed
Enterprise features for integration
- Helps in Branding of end user UIs
- offers Programmatic integration via SCIM* standard
SAP Single Sign On Main Scenarios & Capabilities
Single sign-on
- In this scenario if you Authenticate once to an authentication server (MS-Active Directory, AS ABAP,..)
- The security token required confirms your identity to login to business applications. This is done for each and every subsequent login done to the business application
Multiple sign-on
- With this option you can Authenticate each time you when you access a business application
- Authentication is done against a central authentication server and not the business application itself
Multi-factor authentication
- In this type of authentication additionally to the information about password, you need to authentic and carry a physical element (example mobile phone, RSA SecurID card, etc.)
- There is an option to Implement both single sign-on and multiple sign-on
- Programmatic integration is done through SCIM* standard
Focus on simplicity
Simplicity is key for SAP Single Sign-On.
The Security capabilities should be easy to implement and use them. We should not make the Customers feel or carry the weight of the implementation efforts against the benefits of running a secure landscape. So make it simple with single sign -on.
Simple software roll-out
- As part of the regular SAP Kernel the cryptographic library is shipped and updated regularly
- The desktop client is installed using SAP Setup and can be easily integrated into the SAP GUI roll-out
- There is no need to install add-ons, or any need to modify the ABAP sources
Simple configuration
You can use standard ABAP transactions SPNEGO and SNCWIZARD for the configuration
There is no need to work on the server command line
Simple operations
SAP Single Sign-On is tightly integrated into the SAP NetWeaver stack, re-using its existing, proven infrastructure and security framework.