Authentication and Single Sign-On 

The authentication process enables the identity of a user to be checked before this user gains access to BI or BI data. SAP NetWeaver supports various authentication mechanisms.

See also:

User Authentication and Single Sign-On

Integration in Single Sign-On Environments

User ID and Password

BI uses a user ID and a password for logon (see Logon and Password Protection in SAP Systems).

Secure Network Communications (SNC)

BI supports Secure Network Communications (SNC).

SAP Logon Tickets

BI supports SAP logon tickets. To make Single Sign-On available for several systems, users can issue an SAP logon ticket after they have logged on to the SAP system. The ticket can then be submitted to other systems (SAP or external systems) as an authentication token. The user does not need to enter a user ID or password for authentication but can access the system directly after the system has checked the logon ticket.

For more information, see SAP-Logon Tickets

Client Certificates

As an alternative to user authentication using a user ID and passwords, users using Internet applications via the Internet Transaction Server (ITS) can also provide X.509 client certificates. In this case, user authentication is performed on the Web Server using the Secure Sockets Layer Protocol (SSL Protocol) and no passwords have to be transferred. User authorizations are valid in accordance with the authorization concept in the SAP system.

You can find more information under X.509 Client Certificates.

Integration into the SAP NetWeaver Single Sign-On Environment

The Portal is the central entry point for the user within SAP NetWeaver. It supports and issues SAP logon tickets. BEx Web Applications are usually called from the Portal. The close integration of BI and the Portal enables access from BI as well, where Single Sign-On is also supported.

The following graphic illustrates the interaction between BI and the Portal in terms of single sign-on: