EP: The Enterprise Portal & Security – Security Checklist – Logon Part 2
Backdrop: When utilizing a setup including the SAP Enterprise Portal the primary means of utilizing the centralized access platform for various applications is a central logon screen.
Accessing The Portal
To access the Enterprise Portal Logon Screen you utilize a support Web Browser Platform. Here as per your organizations business requirements you will almost certainly be using a proposed and recommended Web Browser which has been deemed as standard by your Portal Administrator through a list of supported browsers.
Ensuring the Browser is Supported.
From the Portal’s perspective in terms of intended utilization it is of vital importance that the Web Browser Platform being used is supported from SAP’s perspective. In order to support optimal browser performance you will need to ensure that the current Product Version being utilized (IE, Chrome, Firefox, Safari) supports your NW Version and vice versa. In relation to optimal browser performance here I am making reference to two difference aspects:
- Rendering: how the presentation is presented to the end user in terms of EP components & elements
- Navigation: functionality setup and essentially “click-ability” and “select-ability”
Checking the Browser is Supported.
The primary means of checking whether or not your present Web Browser Platform version is supported is through the SAP PAM or Product Availability Matrix. On the PAM we are given insight into which different Product Versions support Web Browser Versions and vice-versa. The PAM will also provide an informative outlined into the limitations (if any) which may exist which a potentially unsupported setup.
- Access the PAM: https://support.sap.com/pam
Importance of Supported Browsers (High Level)
Modern computing environments whether in the workplace or in the privacy of our own homes offer end-users a continual and consistent means of access to the internet and subsequent websites and applications. The sole means of accessing the Internet is through Web Browser Platforms and it has been noted recently “internet attackers” are favoring an approach of “attacking” through these Browser Platforms.
An unsupported Web Browser Platform can be cross-translated into a potentially insecure Platform thus paving the way for Web Attackers to enter the fold and compromise security, information and data.
Although we can refer to the risk of using an supported Browser Platform as a lack of common sense in many cases we inadvertently open ourselves up to potential threats. For example if you are using standardized company software and are participating in a project perhaps you want to make use of a free software to offer an extra degree of detail to your project. This could be anything from grammatical process setups or perhaps a graphical generation software.
If you have experiencing with downloading any software program you would have encountered the launch program and .exe files on many occasions. Here we often navigate quickly through the launch tool as we only want to make use of the final product. In doing so we might accidentally install a host of third party tools such as browser plugins, and toolbar setups.
In true essence you are never quit sure as to what you are downloading if not from a trusted source. Upon downloading any third party software even for temporary use inadvertently you could be installing spyware and phishing mechanism to which you are “none the wiser”.
The recommendation is to install only what is supported and seek consultation from Admins regarding any potential queries you may have regarding the intended utilization of programs or tools which may not be available as standard in an organizational setup.
Plugins & Add-On’s
In direct correlation to what we covered above if third-party mechanism in your browser such as plugins, popup blockers, ad-blockers toolbar rankings etc can all play a role in the underlying functionality when it comes to logging into the Portal. Here the underlying concept of blacklisting and white-listing comes into play and fruition.
Logging On – Credentials
The process of logging onto the Portal ordinarily involves a standard credential input mechanism for authorized users via a password and username declaration. Upon following the URL link through internal shortcuts or browser setups you will be presented with the Enterprise Portal Logon Screen.
Password Tips (If Applicable)
- Dictionary Words Combination
- Lowercase & Uppercase
- Numbers & Symbols
- If you have further queries upon this the recommendation is to contact your System Administrator
- If you cannot for any reason logon you can utilize the “GetSupport” link on the Portal Logon Screen Homepage.
- This “GetSupport” option ordinarily requires configuration.
- Upon clicking the link and entering details about the issue while logging on a System Administrator will be notified.
Mapping Client Certificate
- Utilizing a setup that involves a client certification will allow you to logon to the Portal without the need for entering logon credentials.
- Instead a secure protocol is utilized (https) via the Poral URL.
- Mixed protocols are not supported
- Client Certification for authentication https://help.sap.com/saphelp_nw70ehp1/helpdata/en/62/881e3e3986f701e10000000a114084/content.htm