We are trying to implement Windows AD authentication on SAP HANA 2.0 SP2.
The scenario would be:
1. Users are assigned to Windows AD groups by the company.
2. These groups are assigned to HANA roles (+packages & Analytical Privileges).
3. Users logs into HANA using Windows AD authentication. No new user needs to be created in HANA.
4. A new employee joins the organization and is tagged to a Windows AD group. He/she automatically gains access to all the auth other group members have. Again, there is no new user ID created.
I read about LDAP authentication on SAP help on the link below but still am a bit confused on the feasibility of all the above 4 points.
Can you please share some inputs/experiences on similar setups that you might have performed?