IT departments who must give Windows-based end-users access to SAP hosted on UNIX or Linux feel the pain daily: users are frustrated by having to remember multiple passwords, helpdesk resources are consumed with constant account and password reset requests, provisioning new users is cumbersome, and any lapse in disabling access for exiting users could land them in trouble with IT security or compliance auditors. In this video chalktalk, you'll see how Centrify DirectControl addresses each of the technical and business challenges around delivering single sign-on for SAP users. IT then demonstrates how leveraging Active Directory represents a cost-effective and easy-to-deploy solution.


Running Time: 40 minutes


Corey Williams, Director, Product Management


Tom Kemp, Chief Executive Officer


Topics Covered

  • Overview of Centrify DirectControl for SAP
  • A comparison of the unsecure version of SAP sign-on versus DirectControl's secure, Kerberos-based silent authentication
  • How support for SAP Basis provides transparent sign-on for users who have access to multiple SAP instances
  • The productivity gains and help desk cost savings that IT departments realize from Active Directory single sign-on
  • The security benefits of having centralized control over access to SAP
  • A visual look at the authentication flow between the SAPgui, the SAP server, and Active Directory
  • How the DirectControl client agent for SAPgui works and deployment options
  • The architecture of the DirectControl agent on the SAP server
  • How Kerberos encrypts and thus protects communication of SAP data across the network
  • The challenges of setting up a fault-tolerant Kerberos stack on an SAP server and how Centrify solves them
  • The security advantages of managing access to SAP server via Active Directory
  • How DirectControl associates Active Directory identities with existing SAP identities and tools and strategies for the initial configuration
  • The ease and speed with which the DirectControl solution can be deployed
  • Security and compliance reasons why some organizations want end-users to be reprompted to log in versus silent authentication, and how IT managers can configure these login options using Windows Group Policy
  • DirectControl's comprehensive platform support for SAP on UNIX and Linux, and SAPgui for Windows and Java
  • Centrify's integrated role-based privilege management and session auditing
  • How the complexities of Active Directory (which is a multimaster database, supports cross-domain trusts, and the like) makes it extremely challenging to build a custom LDAP interface to SAP
  • The value of having an SAP-certified solution like Centrify DirectControl
  • The approach to supporting SAP Netweaver for J2EE and Portal
  • How Centrify's approach of leveraging existing infrastructure provides a simple and cost-effective solution

Single Sign-On for Web Applications

By ‎01-27-2015 02:20 PM


Describes how DirectControl provides Active Directory-based single sign-on for web applications, including a discussion of how DirectControl supports Microsoft Active Directory Federation Service.

Running Time: 32 minutes


Paul Moore, Chief Technical Officer


Tom Kemp, Chief Executive Officer



Showing results for 
Search instead for 
Do you mean 

Community Control Panel