To set up the use of Microsoft Kerberos with SAP systems, you need to authorize SAP users to log on with SSO by assigning them to Windows users.
You have completed the following:
The User Maintenance window appears.
p:<WINDOWS_USERNAME>@<KERBEROS_REALM_NAME>
where <WINDOWS_USERNAME> is the logon ID of the Windows user and <KERBEROS_REALM_NAME> is the Kerberos realm that the user belongs to. This is typically the Microsoft Windows domain converted to uppercase characters.
For the user MILLER, belonging to the domain realm.example.com, enter:
p:MILLER@REALM.EXAMPLE.COM
This can be useful, for example, to let the user work in a different domain where SSO using Kerberos is not available.
Kerberos SSO is now set up. The next time this SAP system user logs on to the system, the application is opened without requiring the user to enter a user name and password.
If only one possible match exists between the Windows account and the SAP system user ID, the logon screen is skipped, unless the profile parameter snc/force_login_screen = 1 is present in the instance profile of the application server.