Hi,
one of our customers operates his SAP systems incl. BI 4.2 (Linux) in the HANA Enterprise Cloud. Now he likes to implement manual AD authentication (WinAD) to LaunchPad and SSO to BW/DB based on STS and Assertion Tickets. I have done this setup several times, however not for systems running in HEC. Especially I am concerned about how to connect to the customers on premise AD from BI4 HEC system. In my understanding, HEC is to be considered as private cloud and should act as if inside firewall
Has anyone experiences with that, would be great to learn if there are any restrictions to consider for that scenario? Thanks!
KBA 1965433 has a work around for manual AD and AD SSO using the LDAP plugin and trusted authentication. The AD is limited in this scenario but generally good enough for most customer needs. If you need AD SSO to client tools (aoffice, qaaws, cr4e) or multi domain/forest support then you would need HEC to provide an exception to run BI on windows (I'm not sure this will be allowed but is currently the only way for BI to provide this functionality)
Regards,
Tim
Thanks Tim, I just stumbled across this note this morning ;) Will try it out!