Hi,
I want to configure SSO with SUP 2.1.3 (next months I will have SMP but now I would like to know with SUP, I don't know if there are any differences).
I know there are a lot of documents regarding on how to do this, but it's still not clear to me if they are talking about login only to SUP or if doing that you are able to call the SAP backend using the same credentials instead of a hardcoded user.
So my landscape has the following components:
- Mobile Devices
- SUP 2.1.1
- Active Directory were the users have they windows password (the only now they know)
- Enterprise Portal which is referencing to AD, so all the users present in AD are also in EP.
- Different SAP Backends (ECC, CRM…)
Now my question is, should my SUP security configuration be configured to use users from AD or from EP? I would like to use AD but then I'm not sure if AD can provide the tokens/tickets to log on to the backend system.
And then I would know the tasks to be performed in order to achieve this. I know I have to create the security configuration pointing to the user store and assign it to the domain and package, but what do I have to do in the AD/EP? Do I have to create a new group in AD and assign the mobile devices users to this group? Do I have to create certain roles in AD? And then assign these roles to the newly created group?
I'm sorry because last days I've been coming with so many questions. I think the documentation is good but to fully understand it you need some more knowledge than mine (in this case about LDAP, AD, EP and SSO…).