
C E N T R I F Y G U I D E

SAP NetWeaver ABAP SAML configuration guide

Abstract

Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of your corporate identity and access infrastructure. Our thorough approach to availability, reliability, scalability, security and privacy ensures that you can depend on Centrify as a trusted partner and provider.


© 2016 CENTRIFY CORPORATION. ALL RIGHTS RESERVED P A G E 2 | 33

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Centrify Corporation.

Centrify may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Centrify, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2016 Centrify Corporation. All rights reserved.

Centrify, DirectControl and DirectAudit are registered trademarks and Centrify Suite, DirectAuthorize, DirectSecure and DirectManage are trademarks of Centrify Corporation in the United States and/or other countries. Microsoft, Active Directory, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Contents

SAP NetWeaver ABAP
    An overview of configuring SAP NetWeaver ABAP for SSO
Preparing for Configuration
    SAP NetWeaver ABAP requirements for SSO
    Setting up the certificates for SSO
    What you need to know about SAP NetWeaver ABAP
Completing prerequisites for AS ABAP service providers
    Basic SAP operations
    Verifying and installing the SAP cryptographic library
    Assigning roles to users to configure SAML
    Activating SAML2 configuration UI services
Configuring SAP NetWeaver ABAP in Cloud Manager (Part 1)
Enabling SAML and creating a local provider in SAP NetWeaver Administrator
Configuring SAP NetWeaver ABAP in Cloud Manager (Part 2)
    (Optional) Configuring SAP ABAP SAML to issue a SAP Logon Ticket
    Other identity federation options in SAP ABAP
    About Centrify


SAP NetWeaver ABAP

SAP NetWeaver Application Server ABAP is one of the two installation options of SAP NetWeaver AS. The other option is the Java stack, which runs entirely separately from the ABAP stack. If you are trying to configure SAP NetWeaver ABAP, you are in the right place. If you are trying to configure SAP NetWeaver AS Java, see SAP NetWeaver AS Java.

Note: This document was written for SAP NetWeaver ABAP 7.3 EHP1 (7.3.1). If you are using a different version, your interface may differ from the illustrations. Only versions 7.3 and 7.3.1 are supported.

Note: SAP NetWeaver ABAP has two GUIs, the SAP GUI and the Web GUI. Unless specified, all configuration steps in this document can be done in either GUI.

An overview of configuring SAP NetWeaver ABAP for SSO

The following is an overview of the steps required to configure the SAP NetWeaver ABAP web application for single sign-on (SSO) via SAML. SAP NetWeaver ABAP offers both IdP-initiated SAML SSO (for SSO access through the Cloud Manager) and SP-initiated SAML SSO (for SSO access directly through the SAP NetWeaver ABAP web application). You can configure SAP NetWeaver ABAP for either or both types of SSO. Enabling both methods ensures that users can log in to SAP NetWeaver ABAP in different situations, such as clicking through a notification email.

1. Prepare SAP NetWeaver ABAP for single sign-on.

2. Complete the prerequisites for AS ABAP to be a service provider.

3. Add and begin to configure the SAP NetWeaver ABAP application in Cloud Manager.

4. Enable SAML and create a local provider.

5. Create and Enable a Trusted Provider for Centrify.

6. Finish configuring SAP NetWeaver ABAP application for single sign-on.

7. After you have finished configuring the application settings in the Cloud Manager and the SAP NetWeaver ABAP application, users are ready to launch the application from the Centrify user portal.


Preparing for Configuration

SAP NetWeaver ABAP requirements for SSO

Before you configure the SAP NetWeaver ABAP web application for SSO, you need the following:

SAP NetWeaver ABAP.

An active SAP NetWeaver ABAP account with administrator rights for your organization.

For more set-up information - Identity Federation in AS ABAP (7.3 EHP1): http://help.sap.com/saphelp_nw73ehp1/helpdata/en/f4/a4aa9a3f9e47e09f5cc2eeb017c1ec/content.htm

Setting up the certificates for SSO

To establish a trusted connection between the web application and the cloud service, you need to have the same signing certificate in both the application and the application settings in Cloud Manager.

If you use your own certificate, you upload the signing certificate and its private key in a .pfx or .p12 file to the application settings in Cloud Manager. You also upload the public key certificate in a .cer or .pem file to the web application.

To download an application certificate from Cloud Manager (overview):

1. In the Apps page, add the application.

2. Click the application to open the application details.

3. In the Application Settings tab, click Download Signing Certificate to download and save the certificate.

What you need to know about SAP NetWeaver ABAP

Each SAML application is different. The following table lists features and functionality specific to SAP NetWeaver ABAP.

Each entry below gives the capability, whether it is supported, and any support details.

Web browser client: Yes

Mobile client: No

SAML 2.0: Yes

SP-initiated SSO: Yes

IdP-initiated SSO: Yes

Force user login via SSO only: Yes. Only if Selection Mode is Automatic.

Separate administrator login after SSO is enabled: No

User or administrator lockout risk: Yes. Users can be locked out of SAP if they cannot access the IdP. You can specify a back door URL by using the query parameter “saml2=disabled”.

Automatic user provisioning: No

Multiple user types: Yes. Refer to the SAP NetWeaver ABAP documentation for details.

Self-service password: Yes. Users can reset their own passwords. Note that administrators cannot reset a user’s password.

Access restriction using a corporate IP range: Yes. You can specify an IP range on the Cloud Manager Policy page to restrict access to the application.


Completing prerequisites for AS ABAP service providers

For ABAP to be fully configured as a service provider, it must have a supported cryptographic library installed, users with administrative privileges, and activated SAML2 configuration UI services.

Basic SAP operations

Transactions are entered in the command field at the top of the SAP screen. Each function in SAP has an SAP transaction code associated with it. After you call a transaction and the function screen opens, calling another transaction will have no effect. You must either use the Back button to go all the way back to the home screen and then call a new transaction, or put /N in front of the transaction call. For example, the SICF transaction can be entered either as SICF on the home screen, or as /NSICF on the function screen.

Verifying and installing the SAP cryptographic library

SAP ABAP version 7.3 EHP1 comes with the SAP cryptographic library, but the version of cryptographic library that you have may vary. The SAP NetWeaver ABAP app has been tested with v5.5.5C and v8.4.25(+MT). If the version you have is different, the illustrations may not match what you see on your screen.

To check the version of your SAP cryptographic library:

a. Log in to the SAP GUI.

Note: Checking the SAP cryptographic library can only be done in the SAP GUI. The Web GUI does not have this capability.

b. Call the STRUST transaction.

c. Go to Environment > Display SSF Version.

If the SAP cryptographic library is already installed, it displays its version number.

d. If you do not have the SAP cryptographic library installed, you must install it as described in http://help.sap.com/saphelp_nw73/helpdata/en/49/236897bf5a1902e10000000a42189c/content.htm.

Assigning roles to users to configure SAML

If you have users without administrative privileges who you want to give the ability to configure SAML, assign them the role SAP_SAML2_CFG_ADM. There is also a read-only role, SAP_SAML2_CFG_DISPLAY.


Activating SAML2 configuration UI services

To access SAP ABAP's SAML 2.0 Configuration page, you must first activate SAML2 Configuration UI Services and other related services. A series of services must be activated. Follow the steps below in

Activate each of the service paths in this Service Path list:

/sap/bc/saml2/CDC_EXT_SERVICE

/sap/bc/webdynpro/sap/SAML2

/sap/public/bc/icf/logoff

/sap/public/bc/icons/

/sap/public/bc/icons_rtl/

/sap/public/bc/pictograms/

/sap/public/bc/sec/SAML2

/sap/public/bc/webdynpro/adobeChallenge/

/sap/public/bc/webdynpro/mimes/

/sap/public/bc/webdynpro/ssr/

/sap/public/bc/webdynpro/ViewDesigner/

/sap/public/bc/webicons/

/sap/public/myssocntl/

To activate a service:

1. Log on to the SAP GUI and connect to your SAP server.

2. In the SAP UI, type SICF in the execute field.

3. Click Execute.


4. On the Maintain Services page, enter one of the service paths from the service path list above in the Service Path field.

5. Click Execute.

6. Right-click the first greyed out field in the service in the tree view and select Activate Service.

If the Activate Service option is not available, that means the service is already activated.


7. When prompted to activate the service, click Yes with tree.

8. Enter the next service from the service path list above in the Service Path field.

9. Click Apply.


10. Repeat steps 6 & 7 for each service in the service path list until all the services listed above are activated.

11. In the SAP UI, type SAML2 in the execute field.

12. Click Execute.

13. Confirm any dialog windows.

14. Enter your administrative user name and password.


15. Click Enable SAML2 Support.

Note: The Enable SAML 2.0 Support button should be visible. However, if the SAML 2.0 configuration UI shows an error, you cannot proceed until you find the source of the error. The most common cause is that not all of the services listed above were activated. Double-check that every service in the list is activated.

16. Select Create SAML 2.0 Local Provider.


17. Enter CentrifySAML in the Provider Name field.

Note: If you enter a different provider name here, you must also enter the same name in the Local Provider Name field in the Application Settings of your SAML application in the Centrify Cloud Manager.

18. Click Next.

19. Click Next.


20. Click Finish.

The SAML 2.0 Configuration of ABAP System page appears, showing the Local Provider you just created. Leave this page open to continue the configuration in “Enabling SAML and creating a local provider in SAP NetWeaver Administrator”.


Configuring SAP NetWeaver ABAP in Cloud Manager (Part 1)

Before continuing the SAML 2.0 configuration in SAP ABAP, add and configure the SAP NetWeaver ABAP application in Cloud Manager:

1. In Cloud Manager, click Apps.

2. Click Add Web Apps.

The Add Web Apps screen appears.

3. On the Search tab, enter SAP in the Search field and click the search icon.

4. Next to the SAP NetWeaver AS ABAP application, click Add.


5. In the Add Web App screen, click Yes to confirm.

Cloud Manager adds the application.

6. Click Close to exit the Application Catalog.

The application you just added opens to the Application Settings page.

7. Click Download Identity Provider Metadata Document.

This downloads an XML file to your computer that you will need in the next section, Creating and enabling a trusted provider for Centrify.


8. On the Application Settings page, expand the Additional Options section and specify the following settings:

Option Description

Application ID

Configure this field if you are deploying a mobile application that uses the Centrify mobile SDK, for example mobile applications that are deployed into a Samsung KNOX version 1 container. The cloud service uses the Application ID to provide single sign-on to mobile applications. Note the following:

The Application ID has to be the same as the text string that is specified as the target in the code of the mobile application written using the mobile SDK. If you change the name of the web application that corresponds to the mobile application, you need to enter the original application name in the Application ID field.

There can only be one SAML application deployed with the name used by the mobile application.

The Application ID is case-sensitive and can be any combination of letters, numbers, spaces, and special characters up to 256 characters.

Show in User app list

Select Show in User app list to display this web application in the user portal. (This option is selected by default.)

If this web application is added only to provide SAML for a corresponding mobile app, deselect this option so the web application won’t display for users in the user portal.

Security Certificate

These settings specify the security certificate used for secure SSO authentication between the cloud service and the web application. Select an option to change the security certificate.

Use existing certificate shows the certificate currently in use beneath it. The Download button below the certificate name downloads the current certificate through your web browser to your computer so you can supply it to the web application during SSO configuration. It is not necessary to select this option; it is present to show the current status.

Use the default tenant signing certificate selects the cloud service's standard certificate. This is the default setting.

Use a certificate with a private key (pfx file) from your local storage lets you supply any certificate you want, typically your organization's own certificate. To use this option, click Browse and upload an archive file (.p12 or .pfx extension) that contains the certificate together with its private key. If the file is password-protected, enter the password when prompted.

9. (Optional) On the Description page, you can change the name, description, and logo for the application. For some applications, the name cannot be modified.

The Category field specifies the default grouping for the application in the user portal. Users can create a tag that overrides the default grouping in the user portal.

10. On the User Access page, select the role(s) that represent the users and groups that have access to the application.


When assigning an application to a role, select either Automatic Install or Optional Install:

Select Automatic Install for applications that you want to appear automatically for users.

If you select Optional Install, the application does not automatically appear in the user portal, and users have the option to add the application.

11. (Optional) On the Policy page, specify additional authentication control for this application. You can select one or both of the following settings:

Restrict app to clients within the Corporate IP Range: Select this option to prevent users outside the company intranet from launching this application. To use this option, you must also specify which IP addresses count as your intranet by setting the Corporate IP range in Settings > Corporate IP Range.

Require Strong Authentication: Select this option to force users to authenticate using additional, stronger authentication mechanisms when launching an application. Specify these mechanisms in Policy > Add Policy Set > Account Security Policies > Authentication.

You can also include JavaScript code to identify specific circumstances in which you want to block an application or require additional authentication methods. For details, see Application access policies with JavaScript.

12. On the Account Mapping page, configure how the login information is mapped to the application’s user accounts. The options are as follows:

Use the following Directory Service field to supply the user name: Use this option if the user accounts are based on user attributes. For example, specify an Active Directory field such as mail or userPrincipalName or a similar field from the Centrify user service

Everybody shares a single user name: Use this option if you want to share access to an account but not share the user name and password. For example, some people share an application developer account

Use Account Mapping Script: You can customize the user account mapping here by supplying a custom JavaScript script. For example, you could use the following line as a script:

LoginUser.Username = LoginUser.Get('mail')+'.ad';


The above script instructs the cloud service to set the login user name to the user’s mail attribute value in Active Directory with ‘.ad’ appended. So, if the user’s mail attribute value is [email protected], the cloud service uses [email protected]. For more information about writing a script to map user accounts, see SAML application scripting.

(Optional) On the Advanced page, you can edit the script that generates the SAML assertion, if needed. In most cases you do not need to edit this script. For more information, see SAML application scripting.

Note: On the Changelog page, you can see recent changes that have been made to the application settings, by date, user, and type of change.

13. Click Workflow to set up a request and approval workflow for this application.

The Workflow feature is a premium feature and is available only in the Centrify Identity Service App+ Edition. See Configuring Workflow for more information.

14. Click Save.

After configuring the application settings (including the role assignment) and the application’s web site, users can launch the application from the user portal.

15. Leave the browser tab open to the Cloud Manager. You will use it again in Configuring SAP NetWeaver ABAP in Cloud Manager (Part 2).

Enabling SAML and creating a local provider in SAP NetWeaver Administrator

To enable and configure SAML 2.0 in SAP:

1. Go back to the SAP configuration page left open at step 20 of Activating SAML2 configuration UI services, or open a new browser tab and log in to SAP NetWeaver ABAP (either the Web GUI or the SAP GUI) as a SAML2 administrator.

Note: If you use the Web GUI, the URL resembles http(s)://<sap-abap-hostname-and-port-number>/sap/bc/gui/sap/its/webgui.

Note: If pop-ups are blocked in your browser, unblock them before the next step or add an exception for this URL.

2. If you opened a new browser tab, enter SAML2 in the execute field.

3. Click Execute.


The SAML 2.0 Configuration of ABAP System page appears, showing the Local Provider you created previously.

4. Under Local Provider, click the Service Provider Settings tab.

5. Click Edit.

6. In Default Application Path, enter the relative path to the page where you want SSO users to land. For example, /sap/bc/gui/sap/its/webgui/ lands SAML users on the home page of the Web GUI.

7. Click Save at the top of the page.


8. Under Assertion Consumer Service, copy your Endpoint Path and save it for use in Configuring SAP NetWeaver ABAP in Cloud Manager (Part 2).

9. Click Trusted Providers.

10. Select Add > Uploading Metadata File.


11. In the SAML 2.0 Configuration pop-up window, click Browse and select the metadata file you downloaded in Configuring SAP NetWeaver ABAP in Cloud Manager (Part 1).

12. Click Next.

13. (Optional) Enter Centrify as the Alias.

If you enter an alias, SAP NetWeaver ABAP shows it on the IdP selection screen; otherwise the selection screen shows the IdP’s Entity ID from the IdP metadata.

14. Click Next.


15. On the screen that appears, leave all the default values unchanged and click Next again.

16. Select HTTP Post.

17. Click Next.

18. On the following screens, leave all the default values unchanged and click Next until you see the Finish button.


19. Click Finish.


20. Select the Trusted Provider you just created under the List of Trusted Providers.

21. Click Edit.

22. Click Identity Federation under Details of trusted provider.

23. Click Add.


24. Select Unspecified as the Supported NameID Format and click OK.

Note: With this option, SAP ABAP maps the SAML Response NameID to the SAP Logon ID. For more NameID options, see http://help.sap.com/saphelp_nw73ehp1/helpdata/en/f4/a4aa9a3f9e47e09f5cc2eeb017c1ec/content.htm

25. Select Logon ID for User ID Mapping Mode.


26. Click Save.

27. Click Enable (Enable becomes available after you click Save).

28. Click OK to confirm.

The Active icon changes from a gray diamond to a green square.


Configuring SAP NetWeaver ABAP in Cloud Manager (Part 2)

To finish configuring the SAP NetWeaver ABAP application in Cloud Manager:

1. Return to the browser tab you used for the Cloud Manager in Configuring SAP NetWeaver ABAP in Cloud Manager (Part 1) and navigate to the Application Settings screen of your SAP NetWeaver ABAP app.

2. Configure the following:

Field: ACS Endpoint URL
Set it to: your custom endpoint URL.
What you do: Replace YOUR-SAP-ABAP-FQDN-AND-PORT with your actual SAP ABAP FQDN and port number. For example, if your WebGUI is hosted at http://acme:8000/sap/bc/gui/sap/its/webgui, use acme:8000. Replace ENDPOINT-PATH with the SAML endpoint path that you saved in Enabling SAML and creating a local provider in SAP NetWeaver Administrator. The result should look something like http://acme:8000/saml2/sp/acs/001.

Field: Local Provider Name
Set it to: the name of your local provider, either CentrifySAML or the name you saved in Enabling SAML and creating a local provider in SAP NetWeaver Administrator.
What you do: Enter the local provider name you provided in Enabling SAML and creating a local provider in SAP NetWeaver Administrator.

3. Click Save.


4. On the Account Mapping page, configure how the login information is mapped to the application’s user accounts. The options are as follows:

Use the following Directory Service field to supply the user name: Use this option if the user accounts are based on user attributes. For example, specify an Active Directory field such as mail or userPrincipalName or a similar field from the Centrify user service

Everybody shares a single user name: Use this option if you want to share access to an account but not share the user name and password. For example, some people share an application developer account

Use Account Mapping Script: You can customize the user account mapping here by supplying a custom JavaScript script. For example, you could use the following line as a script:

LoginUser.Username = LoginUser.Get('mail')+'.ad';

The above script instructs the cloud service to set the login user name to the user’s mail attribute value in Active Directory and add ‘.ad’ to the end. So, if the user’s mail attribute value is [email protected] then the cloud service uses [email protected]. For more information about writing a script to map user accounts, see the SAML application scripting


(Optional) Configuring SAP ABAP SAML to issue a SAP Logon Ticket

Once configured, an SAP Logon Ticket lets a user who has logged in to the ABAP system through SAML reach other SAP systems that trust that ABAP system, without logging in again

To configure SAP to create a Logon Ticket after SAML SSO:

1. Follow the procedure in SAP’s documentation: http://help.sap.com/saphelp_nw73ehp1/helpdata/en/4e/0a0e6dbce42287e10000000a15822b/content.htm

2. Call transaction SAML2

3. Go to Local Provider > Service Provider Settings

4. Click Edit

5. In Legacy Systems Support (Issue Logon Ticket), select On

6. Click Save

Note If you did not successfully configure SAP ABAP to create a Logon Ticket in Step 1, setting this option will have no effect

7. Configure your other SAP systems to accept Logon Tickets issued by the ABAP system. Each accepting system has to trust the issuing system's certificate; refer to the documentation of each system for instructions. For example, see http://help.sap.com/saphelp_nw73ehp1/helpdata/en/4a/411563343f2ab1e10000000a42189c/content.htm for details about configuring SAP Java to accept Logon Tickets

Other Identity Federation Options in SAP ABAP

SAP ABAP supports other identity federation options. Only the following combinations of NameID format and source have been tested with SAP NetWeaver ABAP. For all other options, see http://help.sap.com/saphelp_nw73ehp1/helpdata/en/f4/a4aa9a3f9e47e09f5cc2eeb017c1ec/content.htm

Unspecified and SAP Logon Alias

Unspecified and E-mail

Unspecified and Mapping in USREXTID table

Persistent and Interactive account linking

Note SAP Logon Alias cannot be used together with Logon ID, because both are sources for the same NameID format (Unspecified) and SAP ABAP allows only one source per NameID format. The procedure To configure Unspecified and SAP Logon Alias below shows how to switch the existing Unspecified entry from Logon ID to Logon Alias. Whichever source you choose, the value the Centrify service places in the NameID must be the one that source compares against (the logon alias, the e-mail address stored in SAP, and so on), or the login will not be matched to a user.

To configure Unspecified and SAP Logon Alias:

1. Enter SAML2 in the command field

2. Click Execute

3. Under Trusted Provider, select the Identity Provider you are configuring

4. Click Edit

5. If you do not already have Unspecified added to the supported NameID formats:

a. Under Identity Federation, click Add

b. Select Unspecified and click OK

c. In Source, select Logon Alias


d. Click Save

6. If you already have Unspecified configured:

a. Under Identity Federation, select the existing Unspecified entry.

b. In Source, select Logon Alias.

c. Click Save
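The one-line script under Use Account Mapping Script on the Account Mapping page, and the NameID format and source chosen in the Identity Federation procedures above, are two halves of the same decision: the value the Centrify service sends as the NameID has to be what the ABAP source compares against. The following is an added example written for this guide, not code from the Centrify guide or from the Centrify or SAP products. It is a fuller account-mapping script that derives the user name from directory attributes according to the tested sources (Logon ID, Logon Alias, E-mail, Persistent) and fails closed, instead of sending an empty or mis-sized value, when the attribute is missing or too long. Assumed rather than taken from the guide: LoginUser.Get and LoginUser.Username behave as the guide's one-liner shows; sAMAccountName, mail and objectGUID are the directory attributes to map from; and the sample attributes at the bottom are constructed for a stand-alone run.

```javascript
// Added example; not code from the Centrify guide. A Centrify account-mapping
// script that derives the SAML NameID for SAP NetWeaver ABAP from directory
// attributes. ASSUMED: LoginUser.Get(attr) and LoginUser.Username behave as the
// guide describes; sAMAccountName, mail and objectGUID are the directory
// attributes to map from. Plain ES5 syntax, since the guide does not say which
// JavaScript level the script engine supports.

// NameID format URIs behind the labels shown in transaction SAML2.
var NAMEID_FORMAT = {
  unspecified: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
  email: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
  persistent: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
};

// One entry per tested ABAP "Identity Federation" source. ABAP accepts one
// source per NameID format, so logonId and logonAlias are alternatives.
// maxLen: an SAP logon ID (BNAME) is 12 characters and a logon alias 40; the
// SAP e-mail field (ADR6-SMTP_ADDR) is 241; SAML 2.0 caps persistent
// identifiers at 256 characters.
var SOURCES = {
  logonId:    { format: NAMEID_FORMAT.unspecified, attr: 'sAMAccountName', maxLen: 12 },
  logonAlias: { format: NAMEID_FORMAT.unspecified, attr: 'mail',           maxLen: 40 },
  email:      { format: NAMEID_FORMAT.email,       attr: 'mail',           maxLen: 241 },
  persistent: { format: NAMEID_FORMAT.persistent,  attr: 'objectGUID',     maxLen: 256 }
};

// Returns { nameIdFormat, username } or throws. Throwing is deliberate: an
// empty NameID matches no SAP user, but a script that quietly falls back to
// another attribute can match the wrong one, so the mapping fails closed.
function mapSapUser(attrs, source) {
  var rule = SOURCES[source];
  if (!rule) throw new Error('unknown NameID source: ' + source);
  var raw = attrs[rule.attr];
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error('attribute ' + rule.attr + ' is missing; cannot map ' + source);
  }
  var value = raw.trim();
  if (source === 'logonId') value = value.toUpperCase();   // BNAME is stored upper-case
  if (source === 'email') value = value.toLowerCase();     // stable form for comparison
  if (/\s/.test(value)) {
    throw new Error('attribute ' + rule.attr + ' contains whitespace: ' + JSON.stringify(raw));
  }
  if (source === 'email' && !/^[^@]+@[^@]+\.[^@]+$/.test(value)) {
    throw new Error('not an e-mail address: ' + value);
  }
  if (value.length > rule.maxLen) {
    throw new Error(source + ' value exceeds ' + rule.maxLen + ' characters: ' + value);
  }
  return { nameIdFormat: rule.format, username: value };
}

// Constructed sample attributes so the script runs stand-alone (no directory).
var SAMPLE_ATTRS = {
  sAMAccountName: 'jdoe',
  mail: ' John.Doe@acme.example ',
  objectGUID: '0f8fad5b-d9cb-469f-a165-70867728950e'
};

// Inside the Centrify script engine, read the attributes from LoginUser and set
// the user name that becomes the NameID. Change the source name here when the
// ABAP Identity Federation entry changes (e.g. from Logon ID to Logon Alias).
if (typeof LoginUser !== 'undefined') {
  var sapUser = mapSapUser({
    sAMAccountName: LoginUser.Get('sAMAccountName'),
    mail: LoginUser.Get('mail'),
    objectGUID: LoginUser.Get('objectGUID')
  }, 'logonAlias');
  LoginUser.Username = sapUser.username;
}
```

The source name passed to mapSapUser is the only line to change when the ABAP side is switched between sources; keeping the per-source rules in one table makes it obvious that Logon ID and Logon Alias share the Unspecified format and therefore cannot both be active.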


About Centrify

Centrify strengthens enterprise security by managing and securing user identities from cyber threats. As organizations expand IT resources and teams beyond their premises, identity is becoming the new security perimeter. With our platform of integrated software and cloud-based services, Centrify uniquely secures and unifies identity for both privileged and end users across today’s hybrid IT world of cloud, mobile and data center. The result is stronger security and compliance, improved business agility and enhanced user productivity through single sign-on. Over 5000 customers, including half of the Fortune 50 and over 80 federal agencies, leverage Centrify to secure their identity management. Learn more at www.centrify.com.

Santa Clara, California: +1 (669) 444-5200 Email: [email protected]

EMEA: +44 (0) 1344 317950 Web: www.centrify.com

Asia Pacific: +61 1300 795 789

Brazil: +55 11 3958 4876

Latin America: +1 305 900 5354