SAP HANA Cloud Platform: Set up efficient authentication and authorization processes
Single sign-on (SSO) eliminates the risk created by multiple credentials, and provides streamlined user access to web applications. SAP HANA Cloud Platform security services support different SSO scenarios:
Open Authorization Framework (OAuth) 2.0
OAuth has emerged as the de-facto standard for protecting RESTful application interfaces. In SAP HANA Cloud Platform, applications can protect their web API with OAuth 2.0 simply by configuring deployment settings, without writing any additional code.
Learn more: Security Tutorial: Securing your Web API with OAuth 2.0
Security Assertion Markup Language (SAML) 2.0
SAML 2.0 is a widely adopted protocol for identity federation. All applications deployed on the SAP HANA Cloud Platform support security tokens based on SAML 2.0. Customers need an identity provider to issue the SAML tokens; SAP HANA Cloud Platform offers several options for setting up an identity provider environment.
- SAP HANA Cloud Platform, identity access comes with a cloud-based identity provider
- SAP Single Sign-On includes an on-premise identity provider component (link to )
- SAP ID Service, SAP’s public identity provider, offers free authentication services for SAP customers
- Bring your own identity provider; this option offers support for your preferred authentication mechanisms based on SAML 2.0
X.509 Certificates
SAP HANA Cloud Platform also supports SSO scenarios based on X.509 certificates, a tried-and-tested internet standard for secure authentication. The Secure Login Server component of SAP Single Sign-On can issue X.509 certificates.
Learn more: Single Sign-On with Certificates