Configuring SAP GUI and SAP Logon for Single Sign-On
To set up the use of Microsoft NTLM with SAP systems, you need to activate the SAP Logon option on each SAP front end. The SAP Logon window includes a list of systems or machines that you can log on to. For each of the systems or machines in the list for which you want to implement SSO, follow the procedure below.
You have completed Configuring the Application Server.
- Copy the gssntlm.dll file to the SAP GUI directory.
The gssntlm.dll file is located on sapserv<x> in the directory /general/misc/security/gssntlm.
- Set the Windows environment variable SNC_LIB on the PC where your SAP GUI runs.
The variable specifies the path to the gssntlm.dll file. You can do this using one of the following methods:
- Copy gssntlm.dll to a location of your choice and set the environment variable SNC_LIB to that location, for example, <DRIVE>:\<SAPGUI_PATH>\gssntlm.dll.
- Right-click My Computer and choose Properties → Advanced → Environment Variables.
- In User Variables for <user> enter the following:
Variable: SNC_LIB
Value: <DRIVE>:\<SAPGUI_PATH>\gssntlm.dll
- Confirm your entries with OK.
- To activate the new environment variable setting, log off and then log on to your Windows system again as the same user.
- Copy gssntlm.dll to a directory of the default search path, for example, %SystemRoot%\system32 and rename the file to sncgss32.dll.
This is the default file name that SNC uses when SNC_LIB is neither entered on the command line nor available in the environment.
- Copy gssntlm.dll to a location of your choice and set the environment variable SNC_LIB to that location, for example, <DRIVE>:\<SAPGUI_PATH>\gssntlm.dll.
- Set the required logon options to activate SSO:
- In the SAP Logon window, select the entry to modify and choose Edit → Advanced.
The Advanced Options dialog box appears.
- In the SNC name field, enter:
p:<DOMAIN_NAME>\SAPService<SID>
where <DOMAIN_NAME> is the Windows domain that the user SAPService<SID> belongs to.
TipIf the system HWA is running on account SAPServiceHWA of the MYDOMAIN domain, you enter:
p:MYDOMAIN\SAPServiceHWA
- In the SAP Logon window, select the entry to modify and choose Edit → Advanced.
The SAP Logon window now displays an icon with a small yellow key beside the system entry. This indicates that SSO is active.