Show TOC

 Configuring the SAP LogonLocate this document in the navigation structure

To set up the use of Microsoft Kerberos with SAP systems, you need to activate the SAP Logon option on each SAP front end. The SAP Logon window includes a list of systems or machines that you can log on to.

Prerequisites

You have completed the following:

Context

For each of the systems or machines in the list for which you want to implement SSO, follow the procedure below.

Procedure

  1. Select an entry in the SAP Logon window and choose Start of the navigation path Properties Next navigation step Network End of the navigation path.
  2. Select Activate Secure Network Communications.
  3. In SNC name, enter the application server's SNC name:

    p:SAPService<SID>@<KERBEROS_REALM_NAME>

    where <KERBEROS_REALM_NAME> is the Kerberos realm that the SAPService<SID> user belongs to.

    Note

    Enter the same string that you entered in the primary application server's instance profile for snc/identity/as.

    Tip

    If the system C11 is running on account SAPServiceC11 of the domain Domain.example.com, you would enter:

    p:SAPServiceC11@DOMAIN.EXAMPLE.COM

    Note

    If the entry you selected in the logon dialog box is a group entry, the SNC name field is already filled. In this case, the application server's SNC name is determined by the message server at connection time.

  4. Choose OK to confirm your entries.
  5. The SAP Logon window now displays an icon with a key beside the system entry. This indicates that SNC is active for the system.