Authentication and Single Sign-On

Use

The authentication process makes it possible to check a user's identity before granting them access to BW or BW data. SAP NetWeaver supports various authentication mechanisms.

BW uses the authentification and single-sign-on mechanisms provided by SAP NetWeaver. Therefore, the security recommendations and guidelines for user administration and authentication (described in the SAP NetWeaver Security Guide) also apply to BW.

For more information, see the section on user authentication and single-sign-on in the SAP NetWeaver Security Guide.

Authentication and Single-Sign-On Mechanisms for BW

User ID and Password

BW uses a user ID and a password for logon.

For more information, see Logon and Password Protection in SAP Systems.

Secure Network Communications (SNC)

BW supports Secure Network Communications (SNC).

For more information, see Secure Network Communications (SNC).

SAP Logon Tickets

BW supports SAP login tickets. To make Single Sign-On available for several systems, users can obtain an SAP logon ticket after logging on to the SAP system. The ticket can then be submitted to other systems (SAP or external systems) as an authentication token. The user does not need to enter a user ID or password for authentication but can access the system directly after the system has checked the logon ticket.

For more information, see SAP Logon Tickets.

Client Certificates

As an alternative to user authentication with user ID and passwords, users with Internet applications via the Internet Transaction Server (ITS) can provide X.509 client certificates. User authentication then takes place on the Web Server using the Secure Sockets Layer Protocol (SSL Protocol). No passwords have to be transferred. User authorizations are valid in accordance with the authorization concept in the SAP system.

More information: X509 Client Certificates.