on 03-22-2021 9:49 AM
Hello All,
An existing SAP customer attended a training at MS and they learned that AD Azure is not compatible with Kerberos.
They would like to know if SAP SSO can support a simple authentication method with Azure AD similiar to Kerberos with AD?
Any documentation on SAP SSO and Azure AD would be very much appreciated.
Many thanks in advance and kind regards,
Jean-Luc
Actually, Kerberos SSO isn't integrated directly with Azure AD, you need to deploy Azure AD Domain Services which give Active Directory DC type of behavior (domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication).
Overview of Azure Active Directory Domain Services | Microsoft Docs
After deploying Azure AD DS, you can use it similar to local Active Directory DC. So you can use the same steps for integration SAPGUI with AD DC using Kerberos.
Azure AD with SAML 2.0 is only for HTTP like application (such as Fiori Launchpad).
2564192 - Is that possible to use SAML2.0 with SAP GUI connections? - SAP ONE Support Launchpad
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Jean-Luc,
I believe this scenario is discussed in this thread
Enable Azure Active Directory driven Single Sign On on SAP GUI and Fiori launchpad
David
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Jean-Luc,
you need to provide more details about this, impossible to answer 😉 Are you talking about browser-based applications or SAP GUI?
In which way the Client PCs are domain-joined to Azure, guess those are Azure joined devices. In case you need to work with Kerberos (KDC) there must be a hybrid approach. For more information check here
Cheers Colt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you very much David for directing us to the right conversation.
Best regards,
Jean-Luc
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Carsten,
The customer is mainly interested in SAP SSO for SAP GUI access and applications such as SAP ECC.
Do you have a document which explains how SAP SSO can support Kerberos with Azure AD?
Cheers,
Jean-Luc
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
74 | |
10 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.