on 10-18-2017 6:25 PM
Hello Everyone,
I have an issue in performing SSO to BO Launchpad using Win AD in Win 10 machines.It is because of the feature called "Windows Credential guard" which comes along with Win 10.If we disable credential guard, SSO is working fine in Win 10 machines.In case of Win 7 machines, SSO is working fine as expected.But my requirement is to Perform SSO with credential guard in Win 10 because it brings lot of security features.
Also I have performed the BO service account's delegation settings in the below scenarios.
1. Trust this user for delegation to any service(Kerberos only)
Win 7 -----SSO working fine.Win 10(With credential guard)---Not working.
Win 10(Without credential guard)--Working fine.
2. Trust this user for delegation to specified services only. ---Kerberos
Win 7 -----Not working.Win 10(With credential guard)---Not working.
Win 10(Without credential guard)--Not working.
I would be great helpful if you share your experiences in this kind of Win AD SSO issues with Win 10 desktops.
Thanks in advance,
Manhoj
Manhoj, Did you find a solution?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Which browser are you using? Is BI Launchpad set up as a Trusted Site?
You also may want to look at the following SAP Notes:
1379894-Configure IE for SSO
1767654-Configure Firefox for SSO
1887193-Configure Chrome for SSO
-Dell
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Did you look at this KB article? SAP is saying in the KB ,that it is a Microsoft issue.
2485300 - Windows AD SSO does not work on Windows 10 version client machines
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jawahar,
Thanks for your response.I have tried that, its basically suggesting to use constrained delegation & disabling credential guard.
Constrained delegation --- Not working in Win 7 & 10 machines.
Disabling credential guard--- We cannot go for this option as it involves many security features packaged with our company's security policy.
The next step is to configure constrained delegation working at-least in Win 7 machines, so that we can narrow down further to Win 10 with Microsoft.
Thanks,
Manhoj
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.