Identity and Access Management
To ensure that company resources (applications or data) can only be used by authorized entities (people or systems), centralized identity and access management is advisable. Identity and access management (IAM) manages the end-to-end lifecycle of user identities and authorizations for all company resources.
Digital transformation is making system environments increasingly complex: multicloud and hybrid IT environments and software-as-a-service (SaaS) solutions, for example, continue to find their way into companies. Mobile applications on mobile devices also provide access to resources, as do portals and existing on-premises systems.
An optimally configured identity and access management contributes to company productivity: standardized access processes let people and systems obtain the access they need without friction. Centralized identity and access management also increases corporate security, because accounts and authorizations are granted, reviewed and revoked in one place. Compliance goals (e.g. BSI requirements, SOX and GDPR) can likewise be met through a central IAM.
The key functions of an IAM:
- Directory services: Centralized management of identities and their login information.
- Access management: Manages and enforces access policies, for example via SSO (single sign-on) and MFA (multifactor authentication).
- Single sign-on (SSO): The user authenticates once and can then access further applications or services without re-entering login data.
- Multifactor authentication (MFA): Stronger authentication by requiring a second factor (e.g. a hardware token or authenticator app) in addition to the password.
- Identity Governance: Manages the lifecycle of user accounts and authorizations.
User Authentication
One of the main tasks of centralized identity and access management (IAM) is the administration of user accounts and access rights in IT systems, as well as the authentication of identities such as users.
Directory Services
Directory services are part of Identity and Access Management (IAM) and are responsible for managing identities. Identities can be, for example, user objects with attributes, roles and credentials (the latter ideally stored only as password hashes). When a user logs in, the directory service checks whether the login data entered, such as user name and password, match the stored record.
Authentication vs. Authorization
Authentication confirms that users are who they claim to be. Authorization then grants permission to access resources.
Authentication: Who are you?
Authorization: What are you allowed to do?
SAML2
The Security Assertion Markup Language (SAML) is an XML-based standard by which an identity provider tells applications and services (service providers) that the person logging on is who they claim to be. SAML makes SSO possible: the user is authenticated once by the identity provider, and that authentication is then conveyed to several applications as a signed assertion, which each application must validate before trusting it. The current version of SAML is SAML 2.0.
OAuth 2.0
OAuth 2.0 is an authorization framework that lets an application access resources on a user's behalf without the user's credentials ever passing through that application. The client does not hold any login data; the login takes place directly on the authorization server. The client then uses the issued access token to access the authorized resources.
- The OAuth client redirects the user to the authorization server, requesting access to the resource within a certain scope. The request also carries a random state value (and, with PKCE, a code challenge) that the client later uses to tie the response to this request.
- The authorization server authenticates the user directly (interactive login, for example with MFA) and obtains the user's consent to the requested scopes.
- The authorization server redirects the user back to the OAuth client's registered redirect URI with a short-lived, one-time authorization code and the unchanged state value.
- The OAuth client checks the state, authenticates itself to the authorization server (client credentials and/or the PKCE code verifier) and exchanges the authorization code for an access token.
- The OAuth client presents the access token to the resource server, which checks the token's validity and scope before returning the resource.
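The five steps above, as an added example written for this page (not code from any product or vendor listed here): both parties are simulated as in-memory Python objects, and client ID, client secret, redirect URI, scope and user name are made-up values. Beyond the text, it shows the checks a practitioner expects in this flow: exact redirect URI matching, a state value that binds the callback to the client's own request, a PKCE code challenge/verifier (RFC 7636) that ties the code exchange to the client that started the login, and a code that can be redeemed only once.

```python
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()   # PKCE needs unpadded base64url


class AuthorizationServer:
    """Toy authorization server that also plays the resource server."""

    def __init__(self):
        self.clients, self.codes, self.tokens = {}, {}, {}

    def register(self, client_id, secret, redirect_uri):
        self.clients[client_id] = {"secret": secret, "redirect_uri": redirect_uri}

    def authorize(self, query, user, consent):
        """Steps 1-3: validate the request, the user logs in and consents,
        redirect back to the client with a one-time code (or an error)."""
        client = self.clients.get(query["client_id"])
        # Exact match against the registered redirect_uri, otherwise the code
        # could be delivered to an attacker-controlled URL.
        if client is None or client["redirect_uri"] != query["redirect_uri"]:
            raise ValueError("unknown client or redirect_uri mismatch")
        if query.get("response_type") != "code" or query.get("code_challenge_method") != "S256":
            raise ValueError("unsupported authorization request")
        params = {"state": query["state"]}      # state is echoed back unchanged
        if not consent:
            params["error"] = "access_denied"
        else:
            code = secrets.token_urlsafe(32)
            self.codes[code] = {"client_id": query["client_id"], "user": user,
                                "scope": query["scope"], "challenge": query["code_challenge"],
                                "expires": time.time() + 60}    # codes are short-lived
            params["code"] = code
        return query["redirect_uri"] + "?" + urlencode(params)

    def token(self, form):
        """Step 4: authenticate the client, then redeem the single-use code."""
        client = self.clients.get(form["client_id"])
        if client is None or not secrets.compare_digest(client["secret"], form["client_secret"]):
            raise PermissionError("client authentication failed")
        grant = self.codes.pop(form["code"], None)      # pop: a replayed code fails
        if grant is None or grant["expires"] < time.time() or grant["client_id"] != form["client_id"]:
            raise PermissionError("invalid, expired or replayed code")
        # PKCE (RFC 7636): SHA-256 of the verifier must equal the challenge from step 1
        expected = b64url(hashlib.sha256(form["code_verifier"].encode()).digest())
        if not secrets.compare_digest(expected, grant["challenge"]):
            raise PermissionError("PKCE verification failed")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"user": grant["user"], "scope": grant["scope"],
                                     "expires": time.time() + 3600}
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600}

    def resource(self, access_token, required_scope):
        """Step 5: the resource server accepts only a live token carrying the scope."""
        info = self.tokens.get(access_token)
        if info is None or info["expires"] < time.time():
            raise PermissionError("invalid or expired token")
        if required_scope not in info["scope"].split():
            raise PermissionError("insufficient scope")
        return {"owner": info["user"], "scope": required_scope}


class OAuthClient:
    def __init__(self, server, client_id, secret, redirect_uri):
        self.server, self.client_id, self.secret, self.redirect_uri = server, client_id, secret, redirect_uri
        self.pending = {}       # state -> code_verifier for each login in flight
        self.last_form = None   # kept only so run_flow can demonstrate a replay

    def authorization_request(self, scope):
        """Step 1: parameters of the redirect to the authorization server."""
        verifier = b64url(secrets.token_bytes(32))
        state = secrets.token_urlsafe(16)
        self.pending[state] = verifier
        return {"response_type": "code", "client_id": self.client_id, "redirect_uri": self.redirect_uri,
                "scope": scope, "state": state, "code_challenge_method": "S256",
                "code_challenge": b64url(hashlib.sha256(verifier.encode()).digest())}

    def handle_callback(self, redirect_url):
        """Steps 3-4: check state (binds the response to our request), redeem the code."""
        q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        verifier = self.pending.pop(q.get("state"), None)
        if verifier is None:
            raise PermissionError("unknown state: not a login this client started")
        if "error" in q:
            raise PermissionError("authorization failed: " + q["error"])
        self.last_form = {"grant_type": "authorization_code", "code": q["code"],
                          "redirect_uri": self.redirect_uri, "client_id": self.client_id,
                          "client_secret": self.secret, "code_verifier": verifier}
        return self.server.token(self.last_form)


def run_flow(consent=True, required_scope="profile:read"):
    """Run the whole exchange for the constructed user 'alice'; return the resource
    and whether a second redemption of the same code was refused."""
    srv = AuthorizationServer()
    srv.register("portal-app", "example-secret", "https://portal.example/callback")
    app = OAuthClient(srv, "portal-app", "example-secret", "https://portal.example/callback")
    redirect = srv.authorize(app.authorization_request("profile:read"), "alice", consent)
    tok = app.handle_callback(redirect)
    resource = srv.resource(tok["access_token"], required_scope)
    try:
        srv.token(app.last_form)
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return {"resource": resource, "replay_rejected": replay_rejected}


def denied(**kwargs):
    """True if run_flow with these arguments ends in a PermissionError."""
    try:
        run_flow(**kwargs)
        return False
    except PermissionError:
        return True
```

Note what the user's password never touches: the client sees only the redirect, the code and the token. For a public client (mobile app, single-page app) there is no client secret to keep, which is why PKCE is mandatory there; a confidential client such as the one above should use both.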
SAML and OAuth
SAML and OAuth are often used together, especially in cloud or web application environments.
In this scenario SAML provides SSO, i.e. it authenticates the user.
OAuth 2.0 provides authorization, i.e. delegated access to APIs and resources. Where an application also needs to authenticate the user on top of OAuth 2.0, OpenID Connect, an identity layer built on OAuth 2.0, is used; OAuth 2.0 by itself is not an authentication protocol.
Applications with SAML and OAuth
We support our customers in the use of SAML and OAuth in conjunction with the following applications:
- Microsoft Entra ID (Azure AD)
- Neptune DXP
- SAP servers
- SAP Business Technology Platform
- SAP Identity Authentication Service (IAS)
- SAP Identity Provisioning Service (IPS)
Our Services
- Analysis of the current system environment
- Conception of the target system environment
- Implementation
- Project management
- Managed Services