Skip to Content
author's profile photo Former Member
Former Member

BPC 5 integration with AD and single sign on


I'm wondering if someone is able to help me understand a little bit more about how the BPC product authenticates users. I noticed on an initial demonstration of the product that there seemed to be two places a user was authenticated

a) when connecting to Web interface the user was seemlessly logged in (ie user information appeared in the Action Pane.)

b) when accessing BPC for Office the user was prompted for user name and password.

I'm assuming the first login is being done by the IIS server due to the Integrated Windows Authentication being enabled on the IIS server (feel free to correct me if I'm wrong).

Its really the second layer of login that I am interested in understanding. I am assuming it is the BPC application itself which is prompting for the user / password combination and then takes this information and authenticates it against AD using NTLM/Kerberos?. Can someone confirm if this is the case?

If so is it possible to integrate these two components so the user is only authenticated once? Ideally I'd prefer to have the user prompted for username/password on initially accessing the web page and then not get prompted again, is this possible?

Greatly appreciate your help.


Stephen Moore

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Oct 01, 2007 at 04:43 PM

    Hi Stephen,

    Yes, web authentication is done to IIS, and from Office, authentication is done against the Application Server directly (end user repository is AD as you said).

    Unfortunately it is not possible to have this as a ‘single’ sign on.

    The only other thing you can do is there is a “SOX compliance” checkbox in Server Manager. If you do not have this ticked, passwords will be ‘remembered’ so users don’t have to type them in again (but note that this is not SOX compliant, so you need to be cautious about it).



    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Oct 01, 2007 at 05:03 PM

    Also, see our Product Manager extraordinairre Laura DiTomasso's white paper on authentication within SAP BPC 5.x



    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Laura,

      Thanks for the reply. I was just trying to confirm that the only communication from the client to the Web/App tier is via HTTP/HTTPS. We are just concerned that SOAP is often clear text messages which potentially raises a security concern for us.




Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.