This blog co-authored with Benjamin GOURDON is based on several customers’ experiences.
The purpose of this blog is to perform a quick comparison and to provide an overview of pros/cons between Single Sign-On and Password Synchronization solutions. Both are designed to greatly reduce the number of calls to the support and improve the user’s comfort, and provides a ROI lower than 3 months, as proven by many customer implementations.
Single Sign-On: SAP NetWeaver Single Sign-On
SAP NetWeaver Single Sign On enables users to access all their applications through a single authentication event. From an end-user perspective, there is
no longer a need to provide credentials for connecting to each application.
The overall solution is subdivided into 3 sub solutions:
Depending on the system landscape, 3 different implementation scenarios are suitable and will determine the identification protocol:
Password synchronization:SAP NetWeaver Identity Management
SAP NetWeaver IdentityManagement allows to synchronize the password throughout your IT landscape so the user can access any application with the same password. Each password change in SAP IDM or in Microsoft Active Directory will automatically be replicated to all other integrated or supported systems as a productive password (optional). To secure this solution, the provisioned password must be encrypted via secure Channels (using SNC for SAP ABAP systems, or SSL for web applications including SAP Java systems or directories).
From an end-user perspective, this means using the same password for every application where you want to log on.
For additional information about this solution, I strongly recommend you to read this blog written by Jérémy Baars:
Determine the solution which would balance cost, security, user comfort, adaptability according to your criteria.
The table below intends to compare the Password Synchronization and Single Sign-On by analyzing their respective strengths and
weaknesses:
So let's consider several criteria to choose the most appropriate solution:
User Friendliness
As you can see above, SAP Netweaver Single Sign On offers a better end-user experience, as this solution reduces the number of times a user must type ID and password to access an application. This also contributes to raise user productivity.
Evolution perspectives
SAP Identity Management allows to optimize the user lifecycle and to simplify user management. It is replacing SAP Central User Administration (CUA) that will not be further developed by SAP., As such, it could be interesting to choose password synchronization method if you plan to implement an Identity & Access Management solution in the near future.
Security
If Security is an important criteria for your choice, implementing SAP Netweaver Single Sign On will guarantee a strong authentication by blocking traditional access on each application concerned.
Cost
From a financial point of view, there is not much difference regarding the implementation costs. The choice should more be oriented on the policy and the strategy of the enterprise.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
8 | |
5 | |
5 | |
4 | |
4 | |
4 | |
4 | |
4 | |
3 | |
3 |