SSO All SAP solution with windows Active directory

Dear Experts,
We have multiple sap solution like
SAP ERP EHP7
SAP BW
SAPBO
SAP EES/MMS
SAP Solution Manager
And all solutions based on Operating system AIX and database is DB2
We want to configure SSO ( using windows 2012 active directory users ) with all above systems and it's clients.
Kindly guide me how to achieve SSO using Windows 2013 active directory users.
DO we need LDAP between Active directory and all servers ?
we need additional SAP license
please guide me
Regards

Hello
You can use SAP Single Sign-on 2.0 solution by SAP to integrate all your systems with SSO. The solution contains all what is required for configuring SSO in SAP ABAP and Java Systems. To know more, you may refer:
1. SAP NetWeaver Single Sign-On 2.0 – SAP Help Portal Page
2. Implementing SAP NetWeaver Single Sign-On 2.0 Based on Kerberos Tokens 1/4 - YouTube
3.Implementing SAP NetWeaver Single Sign-On 2.0 Based on Kerberos Tokens 2/4 - YouTube
4.  Implementing SAP NetWeaver Single Sign-On 2.0 Based on Kerberos Tokens 3/4 - YouTube
5. Implementing SAP NetWeaver Single Sign-On 2.0 Based on Kerberos Tokens 4/4 - YouTube
You will have to buy license for SAP Single Sign-on 2.0.
Regards,
Tapan

Similar Messages

  • SAP IDM with MS Active Directory (OU names in Arabic)

    Dear Gurus,
    With SAP IDM , we need to integrate with MS Active directory such a way that SAP IDM only fetches users who have “SAP” in one of the AD field. That means do not read entire AD but only fetches users in SAP who have “SAP” tagged in one of the AD field.
    Is it possible ? We tried that in SAP LDAP connector but its not possible in LDAP connector in SAP as LDAP connector is reading through all the users in our CUA system.
    Question is it possible through SAP IDM that we use some thing (maybe  BAPI) to restrict users and do not read all users but only users having “SAP” in one of the AD field.
    Also note that our AD has some OU's name in Arabic.
    Regards,

    If you want to filter this in the ADS Initial Load job then you can modify the repository LDAP Filter:
    (&(objectclass=person)(orgUnit=SAP))
    Replace orgUnit=SAP with your your attribute and tag.
    Br,
    Chris

  • ACS 5.1 with Windows Active Directory

    Hi All,
    I installed ACS 5.1 in vmware server successfully. I have problem while intergrating cisco acs with microsoft Windows 2008 active directory. I already verfied all the related parameters like Domain name, user rights to join in AD, DNS name resolve and IP-Address.
    But, I can able to add any system into my domain without any issues and this is not happening in Cisco ACS 5.1 version.While testing the Active Directory - Test connection it prompts with error message " Can not resolve network address".
    Please help me from this issue.
    Regards
    Mani

    Hi
    Have you setup the correct DNS servers and domain name in the ACS and also do you have an entry in the DNS for the ACS server?
    Dave

  • WIreless solution with WDS/Active Directory/mutiple ssid

    I'm in a project where the mail goal is to implement a wireless solution for our company.
    I will try to explain our dimention.
    We want two kinds of wireless solutions based on the same AP, secure and unsecure.
    The unsecure is a "guest" net for Internet-access. We want a solution where the users have to contact our reseption to be given a username/password to access this network (same kind you find in airports, some hotels and so on). It has to be able to give a permanent access, access by the hour/day. Username/password can be random, but don't have to be.
    The secure is a "work" net for our company computer services. We want the wireless network to be encrypted (a good standard) and the computer itself has to have some kind of certificate. We also want the user to authenticate itself using Microsoft Active Directory.
    These two wireless networks should have their own SSID with different security levels. Both of them should support WDS.
    Can somebody give me some information on which equipment we need, what kind of server services needes and so on.
    The solution has to be robust, but of course the cost aspect is hanging over us as a ghost... ;-)
    Regards
    Eirik

    Guest solution and secured wireless solution is very much possible with Cisco Unified wireless solution. The document available at http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml explains how to setup guest and internal WLAN in a network. This should help.

  • Windows active directory integeration with sap user mangement

    Hi All
    I have installed  sap as local installation now my client wants to integerate sap user management with windows active directory.we have ECC,BI,PI ,SCM and ep system in our landscape.kindly suggest hoe to do that and what will be the best strategy to do that in a simple scenario.
    Regards
    Pranav

    pranav kumar wrote:
    Hi Kenneth
    >
    > I jst want to integerate the sap with windows active directory.
    >
    >
    > Regards
    > Pranav
    Hi Pranav,
    Check the article, http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/c00464ce-c974-2e10-f5be-f8f4c6dce31c
    Then, take e a look at SSO solutions at http://ecohub.sap.com/
    You can find many solutions there.
    Best regards,
    Orkun Gedik

  • SSO (single sign on) on NetWeaver 7.0 Enterprise Portal based on spnego with Microsoft Active Directory

    Hi,
    we are using SAP Netweaver Enterprise Portal 7.0 (SP25) based on Windows 2008 R2/Oracle 11g.
    When we setup the Portal, we used the UME of the ECC - ABAP.
    The portal is used internally only.
    Now we want to provide SSO.
    User authenticate against Windows Active Directory (Windows 2003).
    We thought SSO via spnego would be the best solution.
    Any better alternates, we should use?
    We are following the SAP documentation:
    SAP-Bibliothek - Benutzerauthentifizierung und Single Sign-On
    We still want to create users in ABAP and assign them the portal roles. LDAP access should only have read access, to verify the security token from Active Directory.
    When we setup the portal from scratch using ABAP as its UME, in the system configuration, LDAP can't be selected/add as data source.
    In case we understand the documentation correctly, we would now need to add LDAP via the configtool for read access.
    What is not clear to us, when we active now LDAP via config tool, if we would now lose the ABAP connection.
    Is there a tutorial for SSO Netweaver 7.0 EP, like for EP 7.3, available?
    In 7.3 SSO is pretty simple to get it running, thanks to the many tutorials here and on the internet.
    Thanks for your help.
    Best regards
    Carlos Behlau

    Hi,
    I was able to generate the key via ktab program.
    But when I am enable SSO, nothing is happening when I try to log-on via SSO to the portal.
    I installed WebDiag tool on the portal server and ran trace.
    The users are located in domain: company.com of activate directory.
    The Java AS are located in domain: sap.company.com of activate directory.
    The sap.company.com domain acts as child of company.com.
    When I check the WebDiag trace, I see for the SPNegoLoginModule - the entry "... no key (etype: 23) for realm sap.company.com available ..."
    I would except company.com as realm key, as the keytabs have been generated on the domain controller of company.com.
    Is it possible to get SSO with child domain running?
    Based on the statement of the network folks, child and father domain having a trust.
    Thanks for your help.
    Best regards
    Carlos

  • Windows Active Directory only ABAP?

    Hi experts,
    I configure a JAVA system with SSO by kerberos and Active Directory...
    Now, i want configure a only ABAP system (in Windows) with Windows Active Directory, is it possible ? Are there any manual or blog?
    Thanks in advance,
    Regards,

    Victor,
    Yes, this is possible and very common.
    It is implemented using an interface known as SNC (Secure Network Communications) that is available in SAP ABAP and SAP GUI. You need an SNC library that supports Kerberos, and if you are running SAP ABAP on UNIX you need to get this SNC library from a SAP partner, so there will be additional cost considerations. If your SAP ABAP system is on Windows, then you have the option to use an SNC library from SAP which has basic SSO functionality. Some of the SAP partners provide more than SSO. I work for one of the SAP partners which I am describing.
    Also, if you search in this forum for SNC Kerberos keywords you will find many references to this subject.
    Thanks,
    Tim

  • Windows Active directory group policy objects

    Like many small to medium businesses, we use Firefox in addition to Internet Explorer. The Windows Active Directory group policy objects we have for IE works nicely in all versions of IE. Firefox on the other hand has stopped playing ball. Any policy files I have found on the Internet simply does not fire when used in Windows Group Policy. We have Windows 2008 R2 servers with Windows 7 clients.
    Does Mozilla have official group policy objects that will work with Windows Active Directory group policy and is supported in Firefox versions 27 onwards? A lot of the material on the Internet are simply workarounds to achieve something simple.
    I believe this may have been asked several times already, but no definitive answer has been supplied to
    resolve the issue to my knowledge.
    Thanks and regards

    To my knowledge, Firefox historically has not had integration with group policy, and third party tools have been required to bridge the gap. You may have found templates that work in one of those tools.
    These threads have links to third party tools, articles, mailing lists, and other resources:
    * [https://support.mozilla.org/questions/980567 i need to include the Firefox Browser Configuration in my Group Policy and Control Proxy and Browsing Settings]
    * [https://support.mozilla.org/questions/978874 Is it possible to configure firefox using group policy]
    Please report back if you find a solution. Thanks.

  • ISE 1.0.4 & Windows Active Directory

    We are planning to add a NAC sollution in our network and we are a  little confused with ISE. Can ISE support signle sign on with Windows  Active Directory in this version 1.0.4? If yes how we can do it?
    Thank you

    Thanks for prompt answer,
    Something more, i can't find in the following page which is the correct licence in order to install a DEMO ISE in my network. https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y
    Can you help me?

  • SAP User Authentication via Windows Active Directory

    The non-profit company I work for as an SAP Security Admin has been using SAP since 1999.  We are currently running ECC 6.0, BI 7.0, and CRM 7.0.  With fewer than 300 SAP users, we have not implemented CUA, so each of our multiple clients in these systems is managed independently. 
    The company recently licensed and implemented some non-SAP software to be used by all of our employees (~1200) in keeping track of & catagorizing their work time; a very handy feature of this software is that it depends upon Windows Active Directory for user authentication.  Therefore, each employee logs into this time-keeping package by entering his/her standard PC userID & password.  If you can log onto your PC, you can log into the time-keeping software. 
    That got me thinking & researching, because our SAP users - especially those who have access to three or more SAP clients - must maintain their passwords independently in each SAP client that they hope to access in the future.  I'm certainly not the first person who has thought of how nice it would be to permit SAP users to log into all SAP clients across the landscape in which they have defined userIDs, using the same password that they are using to log into their PCs (i.e., the password that is stored & maintained in Windows Active Directory).  My quest has led me to find presentations on this topic that typically involve modules we aren't using & very complicated configurations that we really lack the time & resources to employ; or, to third-party solution providers who claim to be certified SAP partners who would love to sell us more software to provide this convenience, usually irelated to single sign-on, LDAP, etc.  The lowest pricing tier for such software usually would cover many times the number of SAP users we have to serve here - and it feels like trying to push in a tack using a sledgehammer.  It is true that we have not used the same userID for our PCs that we have defined in SAP, so there would need to be some way to translate from one to the other, but our PC password rules are consistent with those we have configured in SAP clients, so it seems to me it should be very simple.   Can anyone lead me to a more straightforward solution?  If not, can you articulate why this has to be so complicated using SAP software when it seems so simple using relatively inexpensive timekeeping sotware?

    >
    Gagan Deep Kaushal wrote:
    > Hi Tim,
    >
    > Its nice to see video.
    >
    > Is that mean using different username on OS and SAP level still we can achieve SSO.
    >
    > Correct if if am wrong.
    > The only thing we need to maintain SNC name.
    Once installed, yes. This is all you need to maintain when users are added. You can even use LDAP if you like to sync all user info between SAP and MS AD domain, but this cannot sync the password, so using SNC authentication instead of using SAP passwords is ideal.
    >
    > So for user test1 i can manage name as p:test2.....  ??
    Yes, that is correct. The mapping is maintained using standard SAP user management, such as su01. The user in AD domain might have long account name, e.g. "firstname.verylonglastname" which is too big for use as a SAP username so you can map this long AD account name onto a SAP user called FIRSTLAST in one or more SAP clients.
    >
    > I think that is what Ronald is also looking, user name need not to be same.
    >
    > Regards,
    > Gagan Deep Kaushal

  • HT201358 Can ARD3 work with the Active Directory setup on a Windows machine and without the need of Open Directory

    We need the 'Golden Triangle' setup to work with ARD3 running on a Mac server with client Mac details retrieved from a Windows Active Directory. In this system, the ARD3 will be used to install packages from a Mac OS X server, where the client Mac list is gathered directly from a Windows Active Directory, which is already in place.
    So, please guide me whether Apple Remote Desktop 3 is capable of getting client machine details from an Active Directory without the need of re-creating the client Mac list in the Mac server running ARD3.
    If ARD3 can not be used in this case, do you recommend any other tools that can resolve our issue.
    Thank you in advance.
    Sudheesh.

    ARD cannot directly obtain client information from Active Directory, no. It may be possible to create a script that would get such information and be able to put it into ARD, but I wouldn't begin to know how to write such a script. You may also be able to bind your OS X Server to ARD and create groups there. This article is obsolete for 10.6 or later but may provide some clues as to how to proceed:
    http://support.apple.com/kb/TA24276
    There are a number of third-party systems that can manage Macs that may be able to draw information from AD, such as Casper, LANDesk, and others. Which if any would meet your needs depends on many factors including how many devices you need to manage, whether you're looking for a cross-platform tool, your budget, etc. This is a difficult issue to address in a forum like this since there are so many variables to be considered.
    Regards.

  • Oracle database and Windows Active directory authentication

    Hello,
    Our developers have created a couple of web apps which look at our oracle database. Presently they use the APPS user and the user/password is hard coded into the config files.
    Is it possible to authenticate these using Windows Active Directory instead? Is it possible to use AD authentication for all developer access to the database?
    I'm trying to research this on the web but getting very confused. Would a lot of work be involved to get this up and running?
    Is anyone able to offer and advise?
    Thank you very much
    Sarah

    I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
    Perhaps the following links are useful:
    http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
    http://www.linuxmail.info/active-directory-integration-samba-centos-5/
    http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

  • Windows Active Directory replacement

    Hello All,
    My company is using Windows Active Directory and now we are going to replace it with Novell solution. Is there any product from Novell to replace Windows Active Directory for 2 main features?
    - Group Policy
    - Windows users and workstations authentication and administration
    I did some researches on Domain Service for Windows, Identity Manager, ZENworks. Could you give me advice on which product meet my requirement?
    Thanks in advance.
    Best regards,
    Khiet Manh.

    ab wrote:
    > Domain Services for Windows (DSfW) is meant to emulate MAD to a large
    > degree, and is probably what you need more than the other two
    > products.
    Well, that depends. If there's a need to still supply AD functionality
    after MAD is gone, then yes DSfW is a replacement. However, if that's
    not a requirement, then ZENworks Configuration Management is likely a
    better choice since it will provide much more Windows desktop
    administration capabilities than DSfW (or MAD) alone.
    Your world is on the move. http://www.novell.com/mobility/
    Supercharge your IT knowledge. http://www.novell.com/techtalks/

  • Oracle Linux and Windows Active Directory

    I am looking for a good article on joining an Oracle Linux server to a Windows Active directory domain.
    We are primarily a Windows shop but need to bring up a couple of Oracle Linux servers (VM Server and VM Manager). I would like to use the existing Windows domain controller for user authentication.

    I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
    Perhaps the following links are useful:
    http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
    http://www.linuxmail.info/active-directory-integration-samba-centos-5/
    http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

  • Windows active directory

    Hi, i want to write a windows application in LV which can have a single Sign-on concept. I want the users to be able to log into the application (exe located on the desktop) with-out any log-in prompts.
    However, if the user wants to switch his/her role in between, the application must go to the login screen and prompt for a user name and password. This username and password must be in sync with the "windows active directory". can anyone help?
    Regards

    I'm confused! You want a user to login into your application without login prompt or you want him to be able to startup the application without login? The first seems highly contradictory to me.
    The requirments about using the login credentials of a Windows domain setup are most easily met by using .Net functionality. I have used in the past Windows API functionality for this which has some extra features that seem not available in .Net at all, but that is a very complicated and cumbersome interface that I can't recommend to use to anyone.
    Rolf Kalbermatter
    CIT Engineering Netherlands
    a division of Test & Measurement Solutions

Maybe you are looking for

  • My Mac is very, very slow

    Hi there, Need help. Have MacBook Pro for last 5 years. It has OS X 10.5.8, 2 GB RAM and 4 GB of free cpace on 80 GB HD. Recently it became very slow. I mean REALLY slow. Except for the web page that I can scroll up and down for everything else i see

  • Where can i get a replacement screen for my iphone 5

    I dropped my phone and the lcd now has lines running down the whole of the screen and was wondering where I can get a genuine replacement screen?

  • Quicktime issues after system restore

    After system restore we had to reinstall games which required quicktime. after which I reinstalled itunes, but it wouldn't install without completely uninstalling everything for quicktime. reinstalled updated quicktime and itunes, but now games aren'

  • System.out.println() problem

    When I use operator + for concatenate the following Strings md.getDriverName() + md.getDriverVersion() as follow in a try block: try { con = DriverManager.getConnection(sourceURL,user,pass); md = con.getMetaData(); System.out.println(md.getDriverName

  • Macbook slow to start-up and displays unusual start-up screen

    Hey everyone, For the last week or so my Macbook has been behaving strangely when I start it up from sleep: it displays the screen you would normally get after your battery has fully emptied and you have just powered up your computer again (I'm not 1