Integration with Single Sign-On Environments 

Use

MIC supports the Single Sign-On (SSO) mechanisms provided by the SAP Web Application Server ABAP. Consequently, the security recommendations and guidelines for user management and authentication described in the SAP Web Application Server Security Guide also apply to MIC.

The mechanisms supported are listed below.

Secure Network Communications (SNC)

SNC is available for user authentication and provides an SSO environment when the SAP GUI for Windows or Remote Function Calls (RFC) are used.

For more information, see Secure Network Communications (SNC) in the security guide of the SAP Web Application Server.

SAP Logon Tickets

MIC supports the use of logon tickets for SSO when the Web browser is used as the front end client. In this case, users can be issued a logon ticket after they have authenticated themselves in the original SAP system. The ticket can then be submitted to other systems (SAP or external systems) as an authentication token. The user does not need to enter a user ID or password for authentication but can access the system directly once the system has checked the logon ticket.

For more information, see SAP Logon Tickets in the SAP Web Application Server security guide.

Client Certificates

As an alternative to user authentication using a user ID and passwords, users using a Web browser as a front end client can also provide X.509 client certificates to use for authentication. In this case, user authentication is performed on the Web server using the Secure Sockets Layer protocol (SSL protocol), and no passwords need to be transferred. User authorizations apply in accordance with the authorization concept in the SAP system.

For more information, see Client Certificates in the security guide of the SAP Web Application Server.