Integration into Single Sign-On Environments

SAP Profitability and Performance Management supports the single sign-on (SSO) mechanisms provided by SAP NetWeaver. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Security Guide also apply.

The most widely-used supported mechanisms are listed below:

• Secure Network Communications (SNC):

  SNC is available for user authentication and provides for an SSO environment when using the SAP GUI for Windows or

  Remote Function Calls.

• SAP logon tickets:

  SAP Profitability and Performance Management supports the use of logon tickets for SSO when using a web browser as the frontend client. In this case, users create a logon ticket after they have authenticated themselves with the initial SAP system. The ticket can then be submitted to other systems (SAP or external systems) as an authentication token. The user does not need to enter a user ID or password for authentication but can access the system directly after the system has checked the logon ticket.

• Client certificates:

  Users using a web browser as a frontend client can also provide X.509 client certificates for authentication. In this case, user authentication is performed on the web server using the Secure Sockets Layer Protocol (SSL Protocol) and no passwords have to be transferred. User authorizations are valid in accordance with the authorization concept in the SAP system.

For more information about the available authentication mechanisms, see User Authentication and Single Sign-On [SAP Library] in the SAP NetWeaver Library.