cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP SS0 2.0 Strategy

cognizant_serviceuser
Explorer

on ‎04-05-2018 2:56 PM

0 Kudos

Hi All,

I would like to post this question and get opinion.

Scenario: SAP systems are running at on-premises datacenter and SAP SS0 2.0 facilitates single sign on to ABAP and Java systems.

We are now setting up a greenfield SAP landscape in Microsoft Azure which would have SAP products like S/4, BW, Gateway etc.

The question is: Can we use the existing SSO at on-premises for connecting to Azure landscape as well or can we move SSO to Azure or setup a new SSO in Azure. As of today we have 3500 users using on-premises SAP systems and aiming at 6000 users accessing SAP system in Azure in 3 years time with utilizing wider SSO features(Fiori, etc).

Is there a strategical best practice .

how is SSO license calculated. Guess it is calculated for number of users but if a company uses two domains then can we use the same SSO license for running Netweaver SSO on two different domains(Azure and On-Premises).

Regards

SAP Basis

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Colt
Active Contributor
‎04-06-2018 8:49 AM

Hi SAP Basis (?)

difficult to answer, but I would choose a different approach. Try to break down the SSO requirements by creating an inventory of all applications you want to use, which UI technology (e.g. SAP GUI, RFC client, Browser, Native App...) and which technologies you prefer to use (Kerberos/SPNego, X.509, SAML). Sure you will still be able to use parts of your on-prem SSO for your SAP systems hosed in the cloud. Especially when it comes to web based access the key to this normally is using an SAML 2.0 IdP and identity federation, which allows cross-premise scenarios.

My advice: You should setup a project, involve experts and perform kickoff workshop to determine your exact requirements now (short) but also for future use-cases. Based on that you should create a SSO concept. Involve SAP account executives to support you in licensing questions based on your concept/requirements.

Regards, Carsten

Show replies
Show replies
cognizant_serviceuser
Explorer
‎04-18-2018 8:29 AM
0 Kudos

Hello Carsten,

Thanks for the valuable suggestion and that helps. At the moment we dont have a pressing reason to move SSO to Azure instead we would have SAP SSO at on-prem and use it for both Azure and On-Prem.

I am Dinesh by the way.

Show replies
Show replies
Ask a Question