SAP and SecureLogin

  • 7940452
  • 19-Aug-2009
  • 26-Apr-2012

Environment

SecureLogin SSO

Situation

How does SecureLogin integrate with SAP?

SAP and SecureLogin

Resolution

SecureLogin integrates with SAP out-of-the-box, without having to change SAP in any way or install modules on any application servers. There are predefined application definitions for the SAP GUI client and SecureLogin can also integrate with web based SAP systems using the powerful web wizard or via a web application definition. The SAP GUI client versions SecureLogin works with include SAP v6.2 and v6.4, and earlier versions of SAP running FRONT.EXE.

When a user starts up the SAP GUI client (even without SecureLogin) they typically select a system they wish to connect to from the SAP Logon Pad. Once they select the system, SAP passes some messages to Windows including the SAP System Selected.

With SecureLogin installed and configured for SAP (it can be configured centrally for the entire organization but you typically have to configure the SAP systems you wish to connect to within SecureLogin) these messages can be read and SecureLogin will then retrieve and enter the appropriate credentials to the backend system on the user’s behalf.

The credentials for the different backend SAP systems can all be different if desired because SecureLogin will handle remembering and managing them on the user’s behalf (some organizations weaken security by implementing password synchronization to help solve the problem of users having to remember multiple credentials but SecureLogin is able to solve it via increased security).

For organizations with high security requirements, application re-verification can optionally be configured. This involves prompting the user for their smart card/PIN, One Time Password/Token, or biometric (e.g. fingerprint) before SecureLogin will retrieve and enter the SAP credentials and pass them to the backend system.

In addition to logon and application re-verification, SecureLogin can handle passwords that expire or if a user opts to change the password from within the application.

A SAP Password Policy can be configured and SecureLogin supports the user selecting a new password or it can randomly generate a password on the user’s behalf. All SAP credentials are managed and remembered by SecureLogin so they can be extremely strong and complex.