Configuring User Mapping with Tickets for SSO

Prerequisites

Users have the same ID in all back-end systems that are configured to use tickets for SSO. Passwords can be different.
The back-end systems that are configured to use tickets for SSO accept tickets from the portal.

For more information, see Configuring Component Systems to Accept Portal Logon Tickets .
The target system must exist in the portal system landscape. For the system to appear in the user mapping interface, you must have done the following:
- You have created a system alias for the target system.
  
  The target system needs a system alias for the system to appear in the mapping interface.
  
  Caution
  Changing the default system alias does not affect user mapping. However, if all system aliases are removed, user mapping is lost to that system, even if a new system alias is created with the same name as the previous default.
- You have assigned end user permission to those users, groups, and roles, which access the system.

More Information

Context

Use this procedure to enable portal users to access back-end systems with Single Sign-On (SSO) with a different user ID. The user IDs to which portal users are mapped, exist in a single reference system. These user IDs are used in all back-end systems to which the user is mapped.

For more information, see User Mapping and the Portal .

Procedure

Configure the reference system in the portal system landscape.
- Under User Management :
  - Set Logon Method to SAPLOGONTICKET .
  - For the system to appear in the user mapping function, set User Mapping Type .
- Under Connector , set System Type .
For more information, see the following:
- Editing System Properties
- System Properties for User Mapping
Configure any target systems in the portal system landscape.

Under User Management , set Logon Method to SAPLOGONTICKET .
Start User Management Configuration.

For more information, see Configuring User Management .
Choose the User Mapping tab.
In Reference System , select the system alias of the back-end system to use as the reference system.
Save your changes.
Map users to back-end systems and users.

The options available to you for mapping users are dependent on the values you entered for the system for User Mapping Type . You have the following options for performing this mapping:
- The administrator maps the users to their users in the back-end system.
  
  This requires the administrator to keep track of user IDs in the portal and their user IDs and optionally their passwords in the reference system.
  
  When the administrator configures a mapping for a user, the UME by default checks the mapped user ID and password against the reference system. You can disable the check for administrators.
  
  To disable the check, set the UME property ume.usermapping.admin.pwdprotection= FALSE .
  
  For more information, see the following:
  - Configuring User Mappings on the Behalf of Users
  - Editing UME Properties
- Let users map themselves.
  
  This requires users to know which system is the reference system and their user ID and passwords in the reference system.
  Note
  To map their own user IDs, users require authorizations for self-management.
  
  Fo more information, see the following:
  - Configuring Self-Management
  - Setting Portal Preferences