Skip to Content
0
Mar 19, 2009 at 09:21 AM

Authenticate users against MS AD SSO?

31 Views

Hi,

We are currently elaborating on SSO and external authentication methods. Our environment is a purely MS Win environment where the AD is a Win 2003. SAP is an SAP ECC 6.0 with only ABAP AS no JAVA. As a start of I have set up an SSO using SNC. So at the moment I can access SAP without being prompted for a login. (Provided I have made a successful login to my workstation first of course).

However this is not exactly what we are looking for. What we would like to achieve is rather to still have the SAP login screen but instead of using the SAP standard internal authentication, the authentication should be against the AD. One reason as to why we do not want to have a classic SSO concept is that in the production the share workstations, this means that all activities would be logged back to the user who has made the login to the workstation in the morning. Therefore they all log in with their separate SAP usernames.

I have read thru numerous of forum threads and documents but not being able to find a clear answer whether what we want to do is at all possible or if it would require a third-party product maybe. I have also looked at the report RSLDAPSYNC_USER if this maybe would be the way to go.

What is your experience on this? Is it possible to achieve with SAP standard tools?

Kind regards, Fredrik