Single Sign-On (SSO) allows users to authenticate themselves once, and then log on to all of those systems that operate in the Single Sign-On environment without further intervention. This is based on the use of an HTTP cookie (MYSAPSSO2 cookie or logon ticket) which stores the user's identity.

Once the user has been authenticated, and if the server is so configured, it will set a logon ticket that is typically valid for the complete domain. The server can also be configured to set the cookie to be returned only to the specific server. Now, on all subsequent HTTP requests, the browser will send the cookie with the HTTP request. The targeted server then can use the information within the cookie as credentials to authenticate the user.

The SAP NetWeaver Business Client (NWBC) is a shell that is able to start different canvasses, based on different UI technologies, for example SAP GUI or HTML. Each of these canvas types has their own communication channel to the underlying server and needs authentication information to access the server. To pass authentication information in a secure fashion from the shell to the different canvas types, you must configure the server to use logon tickets (MYSAPSSO2 cookies). Logon tickets also enable the NWBC to start applications against multiple systems.