Liquid UI - Documentation - 4.16 Configuring Single Sign-On on Liquid UI Server

4.16 Configuring Single Sign-On on Liquid UI Server


Purpose

Single Sign-On (SSO) enables users to authenticate and access multiple applications with one set of sign-in credentials. In a default SAP setup, organizations used to manage different usernames and passwords to login to SAP systems. Companies have standardized this using the Windows Active Directory with Kerberos.

Liquid UI supports Single Sign-On (SSO) for user authentication on Liquid UI Server. Using SSO, you can access a wide variety of web, windows, Android, and iOS applications for SAP. This feature reduces password-related help desk calls and improves security and compliance. It eliminates the need for IT for managing thousands of usernames and passwords. With the Single Sign-On feature, Liquid UI users can enter domain usernames and passwords to login to SAP. The users will now have to remember only one set of login credentials to gain access to SAP.


Architecture


Mechanism

  • Enter Domain credentials on the Liquid UI Server native SAP logon screen.
  • The credentials are transmitted to the Liquid UI Server and then to Microsoft Active Directory.
  • The Active Directory upon receiving the request sends Kerberos token to the Liquid UI Server.
  • Liquid UI Server forwards the Kerberos token to SAP Application Server (ABAP). The server validates the token and authenticates the user credentials by logging into SAP ECC.


Liquid UI supports Single Sign-On that allows users to logon to SAP ERP systems using any one of the following four methods:

  1. Domain credentials

    Configurations:
  2. Portal

    Configurations:
  3. Key-certificate pair

    Configurations:
  4. Key-certificate pair with Cyber safe

    Configurations:
 

The users can create a Domain name on the “Secure Network Communications” (SNC) and use this domain name for multiple logins. Liquid UI Server authenticates users through Windows Active Directory for our Liquid UI for Android. The users will now have to remember only one set of passwords, and you will have only one username database to manage.

Each method has different configurations with the Server. Refer to the Single Sign-On Configuration article to know in detail.

Liquid UI Server also supports advanced features such as two-factor authentication along with interchangeable support for Kerberos, key-certificate pair, etc. to fulfill even the most complex customer requirements of SAP ERP.


Can't find the answers you're looking for?