Skip to Content
avatar image
Former Member

Win AD SSO not working in Win 10 desktops

Hello Everyone,

I have an issue in performing SSO to BO Launchpad using Win AD in Win 10 machines.It is because of the feature called "Windows Credential guard" which comes along with Win 10.If we disable credential guard, SSO is working fine in Win 10 machines.In case of Win 7 machines, SSO is working fine as expected.But my requirement is to Perform SSO with credential guard in Win 10 because it brings lot of security features.

Also I have performed the BO service account's delegation settings in the below scenarios.

1. Trust this user for delegation to any service(Kerberos only)

Win 7 -----SSO working fine.Win 10(With credential guard)---Not working.

Win 10(Without credential guard)--Working fine.

2. Trust this user for delegation to specified services only. ---Kerberos

Win 7 -----Not working.Win 10(With credential guard)---Not working.

Win 10(Without credential guard)--Not working.

I would be great helpful if you share your experiences in this kind of Win AD SSO issues with Win 10 desktops.

Thanks in advance,

Manhoj

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Oct 18, 2017 at 05:49 PM

    Did you look at this KB article? SAP is saying in the KB ,that it is a Microsoft issue.


    2485300 - Windows AD SSO does not work on Windows 10 version client machines

    Add comment
    10|10000 characters needed characters exceeded

    • If you followed KBA 2182400 to setup constrained delegation and it failed then it was not setup properly. To note clients cache their previous kerberos tickets so when setting it up you must clear the cache (dos prompt klist purge) before attempting SSO (also mentioned in that KBA).

      -Tim

  • Oct 19, 2017 at 02:23 PM

    Which browser are you using? Is BI Launchpad set up as a Trusted Site?

    You also may want to look at the following SAP Notes:

    1379894-Configure IE for SSO

    1767654-Configure Firefox for SSO

    1887193-Configure Chrome for SSO

    -Dell

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 31, 2017 at 10:34 PM

    Manhoj, Did you find a solution?

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Mahesh,

      Still working with SAP.

      SAP is trying to push it to Microsoft as it involves constrained delegation.

      Regards,