SAP Single Sign On is a security product from SAP that allows users to have secure access to SAP and non-SAP applications with a single password. It is intended to improve enterprise security and efficiency by providing access to applications across all systems.
SAP Single Sign On provides benefits in security, cost reduction and IT efficiency, according to SAP. It strengthens enterprise security by using advanced authentication and encryption technologies, and because all passwords are kept in one central and protected repository. Costs can be reduced by limiting the number of password-related calls that help desks must deal with, and by minimizing manual authentication and password resets. IT efficiency can be improved because there is no need to provision, protect, or reset passwords or manage password policies across different systems.
SAP Single Sign On works for both SAP and non-SAP applications, according to the vendor. It was developed by Secude, an SAP technology partner, and was acquired by SAP in 2011. It's based on standard security technologies, including Kerberos, X.509 digital certificates and SAML (Security Assertion Markup Language).
Specific SAP Single Sign On security features include:
- Integration with existing public key infrastructure (PKI) implementations, allowing the use of a single PKI if there is already one in the enterprise;
- Automated certificate lifecycle management for SAP NetWeaver Application Server for ABAP, which can reduce manual certificate renewal efforts, prevent downtime and limit human error in certificate renewals;
- Secure Login Server that allows several ways to provision X.509 certificates for mobile devices;
- An encryption-only mode that enables network encryption for the SNC protocol that communicates with other SAP systems even when user-specific security tokens are unavailable or not configured;
- A Secure Login Web Client that allows business processes to run in a browser session, either on premises or in the cloud; and
- Support for Perfect Forward Secrecy for SNC communications, which reduces the risk of compromised keys that allow attackers to decrypt previously recorded session data.
SAP Single Sign On is available on a license basis and can be downloaded from the SAP Support Portal.