Purpose
With this PAS option, the user is authenticated using the Windows NTLM protocol, which takes place between the user’s Web browser and the Web server. The user's Windows ID is then passed to the SAP system using the PAS service. The user’s SAP system ID is obtained from the mapping table USREXTID in the SAP system and a logon ticket is created for the user. Single Sign-On is then available to additional SAP services using the logon ticket.
Prerequisites
For the prerequisites for using Windows NTLM authentication for PAS, see the following topics:
Process Flow
See the graphic below:
Using Windows NTLM Authentication
The user must be logged onto the Windows domain. The process is then as follows:
Result
No user ID and passwords entries are necessary for accessing the SAP system.
When the user accesses further SAP services, the logon ticket is used for Single Sign-On access.