SAP Security Online - Enterprise Portal Authentication


	R/3 Security
	BW Security
	Enterprise Portal
		Installation Guide
	CUA
	Single Sign On
	SOX/ SoD
	OSS
	HR Security
	Other SAP Apps
	Solution Manager
	Interview Questions

Enterprise Portal- Authentication

Authentication
Good thing about portal is that user can be authenticated against LDAP. I have tried this with MS Active Directory, and it works like a champ. It supports both Flat Hierarchy, and Deep Hierarchy. Please check with your LDAP admin what kind of Hierarchy your company is using. Do ask him/her to create a read only user which can be used to configure you LDAP connector. Here are few advantages using LDAP:

Don’t have to create user id for portal. Just imagine if you have1000’s of users.
One less password to remember, as it will be same as LDAP
It is easy to setup.

Then if you don’t have LDAP you can still create local user, which work fine as well. For our test servers we will be using local users as I don’t have the infrastructure to setup a LDAP server.

You can use both database as well as LDAP repository for authentication. Generally company's use database for external users and LDAP for company employee

Connecting Portal to LDAP Data Source. Make sure you test the connection and if you have a LDAP account. Try to sign on using that account. You should be able to sign on and should only get an empty page

To connect to LDAP follow the following steps.

Logon to portal
System Administration >> System configuration >>UM configuration
Go to Data Source tab - By default it is Data source is Database. You can change this to your corporate LDAP
Go to LDAP server and put the LDAP server and user and do check the user path from your administrator.
Test the connection and then save.
You are done.
You can use a test id to logon and you will see blank page like below

Create a Portal user in Database

To create a local user in SAP Portal. Login with a user, who has user administrator role. You should see user administration tab. Go to users and click on create user.
Fill all the fields shown below and hit create. Don't forget the password

Now I logon using portal1 the initial screen will look like

Assigning the user super admin role

Let me make one of the test user portal2 as super admin. All you have to do is assign the user super admin role. Just like you do in SAP R/3 assign the user sap_all profile.

In portal it works like this. You open the role and add the user(s).
Go to User Administration >Roles .
Select role from drop down and search for super*

Click on edit.

Search for portal* and check portal2 and click Add. Click save to save

Now since we have created a super account. Lets go and disable sap*
Go to System Administration> System configuration > UM configuration
Uncheck Enable SAP* user (If you disable the SAP* user, enter a super user ID and password below)

Save. For the changes to take effect you have to restart portal.

Let's sign on with portal2 and you can see that this user has all the authorization.

Now I will create another user support1, and give just User administration role. Look how the tabs changed. Each tab is associated with a role. If the user don't have any role will have no tabs.

SAP Help | SAP Service Market Place | SAP SDN