
SSO Doubts !! Help required

Former Member
0 Kudos

Hello everybody,

I have a few doubts about implementing SSO with EP. Let me first briefly explain our design approach.

We have 5 SAP boxes (R/3, APO, BW, Portal, K-pro) in our landscape and we want to have the functionality of SSO via EP and Active Directory to access them.

I guess I have read all the blogs on SDN and a lot of SAP documentation for it, and below is the high-level design based upon my understanding.

1. For internal users (employees), create their user ID in SAP-HR and push it into Active Directory using the LDAP connector.

2. Portal and Basis admin to set up the security for these users so that the user can access only those boxes and transactions which they are supposed to access.

3. The user will log in to EP and it will authenticate the user against Active Directory and issue a login ticket (if successful).

4. This ticket will be used to access other SAP boxes.

Now below are my doubts:

1. At what level will I control access to the various SAP boxes (APO, BW, R/3, Kpro) for a user ID? Can I control it in Enterprise Portal User Management, or should I do it in Active Directory? E.g. a given user should have access only to the portal and R/3 boxes and not to other SAP boxes.

2. How to handle external users (customers and vendors) in this architecture? Should I create a user ID for them in each SAP box to handle security, or is there a workaround?

For employees I am creating the HR master in SAP and then planning to use LDAP and use infotype PA0105 for linking the employee master with the user ID, and then use this user ID to control security/authorization in various systems.

Though not sure about external users.

3. Should I allow external users and internal users to share the same network domain? I mean, what is the best practice?

4. How do companies having multiple SAP boxes achieve SSO? Is my approach correct, or is there a better or easier way?

Thanks in advance.

Regards,

Jeet


Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

Jeet,

Have you reviewed the SSO Overview (*.ppt) on the Service Marketplace? You can grab it.

http://service.sap.com/security

->Security -> Identity Management -> Secure System Management

If you are using LDAP+Database as your UME repository, and not using any other (i.e. R/3, etc.), you can create OUs on LDAP to contain external/internal users in separate OUs. The portal roles and definitions with your SAP Connectivity Objects (that you will create on System Landscape -> UM Configuration within the Portal) will have your backend systems configured... Your role definition will determine which user (based on their R/3 profile) can access the appropriate R/3 systems.

The SSO Overview will go over the SSO scenarios quite comprehensively.

Regards,

James

Former Member
0 Kudos

Hi James,

Thanks for the reply. I guess you have directed me in the right direction; let me explore it further.

Thanks,

Jeet