Show TOC

Windows NT LAN Manager (NTLM) AuthenticationLocate this document in the navigation structure


The SAP GUI also enables you to use NTLM for authenticating access to AS ABAP from the SAP GUI in a Microsoft Windows environment. NTLM authentication is available for the SAP GUI as a tailored version for SSO with Secure Network Communications (SNC), which uses Microsoft's NT domain authentication and NT LAN Manager Security Service Provider (NTLM SSP).


NTLM is only available for Microsoft Windows 32-bit system environments, consisting of Microsoft Windows 9x, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000 and higher.

To enable NTLM, the AS ABAP system must be enabled for using SNC. To integrate the AS ABAP into a Single Sign-On environment under Windows NT (no integrity or privacy protection is provided), you can use Microsoft's NT LAN Manager Security Support Provider (NTLMSSP) from Microsoft as the security provider.


Microsoft's NTLM SSP does not provide you with the full SNC protection capabilities. To enable data integrity and privacy protection with NTLM, you need to use an additional security product. We recommend that you use Kerberos for SAP GUI Authentication for system environments consisting of Microsoft Windows 2000 and higher.

Security Considerations

NTLM uses a challenge-response sequence of messages between the a client and a server system. NTLM provides authentication based on a challenge-response authentication scheme. It does not provide data integrity or data confidentiality protection for the authenticated network connection. Therefore, to ensure data integrity and privacy protection in the authentication process, you must use SAP Single Sign-On or an external security product that is certified for use with SNC.

For more information about the SAP-certified security products, see published on SAP site.


For more information about configuring NTLM authentication, see Single Sign-On with Microsoft NT LAN Manager SSP.