You can use the SAP GUI authentication mechanisms to protect access to your SAP NetWeaver Application Server for ABAP (AS ABAP) systems. When users access the system from this communication channel they are required to provide valid authentication credentials to authorize access.
The SAP GUI enables you to authenticate user access with interactive dialog authentication functions. Alternatively, you can configure the SAP GUI to authenticate access transparently with Single Sign-On.
Implementation Considerations
The SAP GUI is a front-end presentation software that enables access to applications running on the AS ABAP. To use the SAP GUI to log on to AS ABAP systems, you have to install the SAP GUI client software on your workstation.
You can launch the SAP GUI from the SAP Logon pad, which is a software component that you install on client workstations. The communication protocols that enable the communication between the SAP GUI and the AS ABAP are SAP-specific.
To log on to an AS ABAP system for dialog access from the SAP GUI, users have to provide a user ID, password, and an AS ABAP client number. Alternatively, when using SSO, the SAP GUI can transparently provide the authentication credentials to the AS ABAP without user intervention. The AS ABAP system then evaluates the provided credentials and determines whether to grant or deny access based on the set of preconfigured authentication criteria and the authorizations assigned to the user's identity information.
Therefore, the authentication process for access from an SAP GUI follows the pattern below:
On the SAP GUI client software, users provide the authentication credentials that the client sends to the AS ABAP. In addition, you can configure the SAP GUI client to use SSO.
On the AS ABAP systems you configure the required user credentials and logon options that must be met for authentication to succeed and the AS ABAP system to authorize access.
Depending on the authentication mechanism you use, the authentication credentials can become vulnerable to security attacks during the transfer from the SAP GUI to the AS ABAP. Therefore, we recommend that you secure communication with additional transport layer security mechanisms.
For more information about the available user authentication functions when using the SAP GUI and relevant implementation considerations, see the following topics:
User ID and Password Authentication
Information about authentication with user ID and password.
Authentication with SAP shortcuts
Information about authentication aspects when using SAP shortcuts. SAP shortcuts store the authentication information for SAP systems and enable you to access a specific AS ABAP transaction directly from your desktop.
Client Certificate Logon for SAP GUI
Information about using client certificates for logon with the SAP GUI.
Kerberos for SAP GUI Authentication
Information about using Kerberos for authentication.
Windows NT LAN Manager (NTLM) Authentication with SAP GUI
Information about using Windows NTLM for authentication.
SAP Logon in Getting Started