Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

Single Sign-On for SAP on UNIX and Linux Using Microsoft Active Directory

11 April,19 at 11:49 AM


IT departments who must give Windows-based end-users access to SAP hosted on UNIX or Linux feel the pain daily: users are frustrated by having to remember multiple passwords, helpdesk resources are consumed with constant account and password reset requests, provisioning new users is cumbersome, and any lapse in disabling access for exiting users could land them in trouble with IT security or compliance auditors. In this video chalktalk, you'll see how Centrify DirectControl addresses each of the technical and business challenges around delivering single sign-on for SAP users. IT then demonstrates how leveraging Active Directory represents a cost-effective and easy-to-deploy solution.


Running Time: 40 minutes


Corey Williams, Director, Product Management


Tom Kemp, Chief Executive Officer


Topics Covered

  • Overview of Centrify DirectControl for SAP
  • A comparison of the unsecure version of SAP sign-on versus DirectControl's secure, Kerberos-based silent authentication
  • How support for SAP Basis provides transparent sign-on for users who have access to multiple SAP instances
  • The productivity gains and help desk cost savings that IT departments realize from Active Directory single sign-on
  • The security benefits of having centralized control over access to SAP
  • A visual look at the authentication flow between the SAPgui, the SAP server, and Active Directory
  • How the DirectControl client agent for SAPgui works and deployment options
  • The architecture of the DirectControl agent on the SAP server
  • How Kerberos encrypts and thus protects communication of SAP data across the network
  • The challenges of setting up a fault-tolerant Kerberos stack on an SAP server and how Centrify solves them
  • The security advantages of managing access to SAP server via Active Directory
  • How DirectControl associates Active Directory identities with existing SAP identities and tools and strategies for the initial configuration
  • The ease and speed with which the DirectControl solution can be deployed
  • Security and compliance reasons why some organizations want end-users to be reprompted to log in versus silent authentication, and how IT managers can configure these login options using Windows Group Policy
  • DirectControl's comprehensive platform support for SAP on UNIX and Linux, and SAPgui for Windows and Java
  • Centrify's integrated role-based privilege management and session auditing
  • How the complexities of Active Directory (which is a multimaster database, supports cross-domain trusts, and the like) makes it extremely challenging to build a custom LDAP interface to SAP
  • The value of having an SAP-certified solution like Centrify DirectControl
  • The approach to supporting SAP Netweaver for J2EE and Portal
  • How Centrify's approach of leveraging existing infrastructure provides a simple and cost-effective solution