Skip to Content

SAPGUI NTLM SSO licensing

Is there a licensing involved when using NTLM SSO specifically documented in this URL Single Sign-On with Microsoft NT LAN Manager SSP - User Authentication and Single Sign-On - SAP Library?

Is there documentation anywhere referencing licensing or no licensing using this SSO method?

If there is licensing involved, are there any free SSO licensing schemes available for SAPGUI?

Thanks

Regards,

Mel Calucin

Add comment
10|10000 characters needed characters exceeded

2 Answers

  • Best Answer
    Posted on Aug 21, 2014 at 10:32 AM

    Donka,

    Thanks for your concern. In an all Microsoft Windows SAP environment, I don't think this is much of a concern. But my question is -- "Is there a monetary cost in terms of SAP licensing? Basically, is it free?".

    Thanks.

    Mel Calucin

    Add comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 21, 2014 at 06:58 AM

    Hello Mel,

    I hope you noticed the note in the documentation: "The Microsoft NTLM SSP only provides authentication based on a challenge-response authentication scheme. It does not provide data integrity or data confidentiality protection for the authenticated network connection."

    If your company could afford to focus only on SSO and not to care about integrity and confidentiality of the business data, then it will be ok - this solution doesn't require licence but you have to make sure you implement mitigation for this risk.

    On the other side we strongly recommend to our customers to protect their business data and to use the SNC Client encryption in combination with SSO for SAP GUI that is available via our SAP Single Sign-On product because the risk is not always coming from outside the corporate network. There are a lot of researches that show the security risks available also internally.

    I hope this will help you in your research for an SSO solution to SAP GUI for your project.

    Best regards,

    Donka Dimitrova

    Add comment
    10|10000 characters needed characters exceeded

    • Hello Mel,


      This scenario relies mostly on 3rd party components not controlled by SAP. As a result, SAP's support is strictly limited to SAP's side of the code which calls external products according to the definition of the GSS-API v2 interface specification (rfc-2743, rfc-2744) with the constraints published as part of SAP's BC-SNC interoperability certification. More details you will be able to find in the SAP note: http://service.sap.com/sap/support/notes/150380 .


      And again we strongly recommend for your scenario the solution we offer with SAP Single Sign-On product.

      Best regards,

      Donka Dimitrova