Carsten Olt

AD Authentication for BusinessObjects running in the HEC

Posted on Jul 10, 2017 at 04:59 AM 292 Views

Hi,

one of our customers operates his SAP systems incl. BI 4.2 (Linux) in the HANA Enterprise Cloud. Now he likes to implement manual AD authentication (WinAD) to LaunchPad and SSO to BW/DB based on STS and Assertion Tickets. I have done this setup several times, however not for systems running in HEC. Especially I am concerned about how to connect to the customers on premise AD from BI4 HEC system. In my understanding, HEC is to be considered as private cloud and should act as if inside firewall

Has anyone experiences with that, would be great to learn if there are any restrictions to consider for that scenario? Thanks!

Add a comment

3 Answers

Sort by:

Votes

Newest

Oldest

Best Answer

This answer has been deleted.

This answer has been undeleted.

Tim Ziemba

Posted on Jul 10, 2017 at 12:18 PM

0
KBA 1965433 has a work around for manual AD and AD SSO using the LDAP plugin and trusted authentication. The AD is limited in this scenario but generally good enough for most customer needs. If you need AD SSO to client tools (aoffice, qaaws, cr4e) or multi domain/forest support then you would need HEC to provide an exception to run BI on windows (I'm not sure this will be allowed but is currently the only way for BI to provide this functionality)
Regards,
Tim
- Add a Comment
- Alert Moderator
- Share
Add a comment
10|10000 characters needed characters left characters exceeded
1 Comment
- Spalding Glen
  
  Oct 22, 2019 at 08:54 PM
  
  hi tim, could you comment here too
  
  we have a third party quoting us for a single box, LDAP SSO into LaunchPad. i'd like to know how long a professional would take to setup SSO using HEC.
  
  ta
  - Like 0
  - Share
  - Alert Moderator
Comment on This Answer

Comment
This answer has been deleted.

This answer has been undeleted.

Carsten Olt

Posted on Jul 10, 2017 at 12:28 PM

0
Thanks Tim, I just stumbled across this note this morning ;) Will try it out!
- Add a Comment
- Alert Moderator
- Share
Add a comment
10|10000 characters needed characters left characters exceeded
1 Comment
- Spalding Glen
  
  Oct 22, 2019 at 08:53 PM
  
  hi carsten, i am curious as we also have similar requirement.
  
  we have a third party quoting us for a single box, LDAP SSO into LaunchPad. i'd like to know how long a professional would take to do this using HEC too.
  
  ta
  
  g
  - Like 0
  - Share
  - Alert Moderator
Comment on This Answer

Comment
This answer has been deleted.

This answer has been undeleted.

Tim Ziemba

Posted on Oct 23, 2019 at 10:34 AM

0
If you review the KBA https://apps.support.sap.com/sap/support/knowledge/preview/en/1965433 , everything can simply be done in a relatively short amount of time (hour+). However the larger amounts of time will be on choosing a DC, opening the firewall, getting approvals, etc. This would probably to be part of whatever contract was in place.

-Tim
- Add a Comment
- Alert Moderator
- Share
Add a comment
10|10000 characters needed characters left characters exceeded
0 Comments
Comment on This Answer

Comment

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.

Rules of Engagement

Know someone who can answer? Share a link to this question.

Attachments: Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.

AD Authentication for BusinessObjects running in the HEC

Add a comment

Assigned Tags

Related questions

3 Answers

Add a comment

Add a comment

Add a comment

Before answering