Skip to Content

Lumira 2.1: X509 based Single Sign On support with BI Platform

This blog is intended to provide you an overview of the support for Multifactor authentication to perform Single-Sign-On to BI Platform (using X509) via Secure Login Client (SLC) in Lumira Discovery 2.1.

Starting from Version 4.2 SP05, BI platform offers support for X509 based multifactor authentication for various thin and thick clients. This means the clients like Lumira also supports x509 based Single-Sign-on to BI Platform


  • You have set up SAP Secure Login Client (SLC) on your desktop machine for authentication. It has a valid X.509 certificate stored.
  • You have configured SAP BI Platform to accept trusted X.509-based logon requests via RESTful connection.

  • You are using SAP BI Platform 4.2 SP05 version and above.

Refer to the additional References for more information…


Single Sign On with X509 using Lumira:

Once the above Pre-requisites are met, you can chose to enable X509 based logon option in the Lumira preferences –>Network option.

Since X509 is supported via RESTful, the URL needs to be configured.

Also since HTTPS WACS is a pre-requisite, providing a HTTP URL would not work here.

you need to restart the Lumira after configuration.


Logon to BI Platform with Single Sign On:

In the Home page go to the BI Platform tab and select “SSO Authentication” option and click on connect button. This would read the x509 based certificate available with the SAP Secure Login Client (SLC) installed on your desktop and provide single sing on to the BI Platform.


Once connected to BI Platform, all further communication for other workflows happens via the established session.


Additional References:

BI Platform Rest SDK:

Trusted x509 authentication support for BI Platform for rest:

SAP Single Sign on and Secure Login Client:



Thank You!

You must be Logged on to comment or reply to a post.
  • Hi Srivathsa ,


    We are configuring the Lumira Discovery SSO in our systems . We are currently configuring the secure login client in order to allow the SSO but we don´t have clear how to do it. Could you explain us how to do it?


    Thanks a lot





      If you need to achieve just the single sign on using windows AD Kerberos to BI Platform, you don’t need to follow this blog post. You can do it the same way as you did for Lumira 1.3x or for other clients. This is still supported.

      If you need factored authentication using x509 certificate via SAP Secure Login Client, you could follow this blog.



      Srivathsa Dixit