Click here to load reader

SAP Cloud Identity Overview Presentation · PDF fileSAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity

  • View
    228

  • Download
    0

Embed Size (px)

Text of SAP Cloud Identity Overview Presentation · PDF fileSAP HANA Platform SAP NetWeaver...

  • SAP Cloud Identity ServiceSecure Authentication, Single Sign-On and User Management in the Cloud

    December 2015

  • Introduction

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 3Public

    SAP Cloud Identity ServiceIn the SAP IT application security product portfolio

    SAPBusiness

    Suite

    SAP CloudApplications

    SAP MobileApplications

    3rd PartySystems

    SAP HANA Platform SAP NetWeaver Application Server

    SAP AccessControl

    SAP IdentityManagement

    Make it simple for users to dowhat they are allowed to do.

    Know your users and whatthey can do.

    SAP SingleSign-On

    Ensure corporatecompliance to

    regulatory requirements.

    PlatformSecurity

    Make sure that SAPsolutions run securely

    SAP EnterpriseThreat Detection

    Counter possible threats andidentify attacks.

    Add-On for CodeVulnerability

    Analysis

    Find and correctvulnerabilities in customer

    code.

    SAP CloudIdentity service

    Manage the identity life-cyclein the cloud.

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 4Public

    Capabilities

    SAP Cloud Identity ServiceIn the SAP HANA Cloud Platform landscape

    Integration User Experience Analytics

    Dev & Ops Security Collaboration

    Data & Storage Business Services Mobile

    Internet of Things

    SAP HANA Cloud Platform(PaaS)

    Runtimes

    HANA XS

    HCP Servers (IaaS)1

    2

    1) beta functionality 2) planned innovations / future direction

    On-Premise /Managed Cloud

    SaaS

    SAP S/4HANA

    SAP BusinessSuite

    SAP BusinessWarehouse

    SAP S/4HANA

    SuccessFactors

    SAP Cloud forCustomer

    SAP Data Centers

    Ariba

    Hybris

    Concur

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 5Public

    RealtimeMobile

    Todays world is

    Always-on

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 6Public

    Today

    ...anytime and anywhere,

    business people.

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 7Public

    sharepresent reviewdecide

    travel

    prepareapprovereadwrite

    negotiatelearn

    show

    sellview

    Today

    purchase

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 8Public

    Username

    ************ Logon

    need access to many applications

    Today

    take a coffee and logon

    at their workplace or outside

    80% of employees report needingaccess to work documents from outsidethe office1

    1. BusinessWire.com New Survey Finds Over Half of Employees Use Unauthorized Consumer Based File-Sharing Apps at Work (SkyDox survey)

    http://www.businesswire.com/news/home/20120607005125/en/Survey-Finds-Employees-Unauthorized-Consumer-Based-File-Sharing

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 9Public

    how manytimes a day

    Today

    how manypasswords to

    remember?

    Username

    ************

    Logon

    Username

    ************

    Logon

    Username

    ************

    Logon

    Username

    ************

    Logon

    Username

    ************ Logon

    Username

    ************ Logon

    Username

    ************ Logon

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 10Public

    Today

    49%51%

    Traditional Data Centers

    Cloud Data Centers

    1. Cisco Study http://www.zdnet.com/article/cisco-projects-data-center-cloud-traffic-to-triple-by-2017/2. IDC FutureScape: Worldwide IT Industry 2016 Predictions Leading Digital Transformation to Scale

    2014 is the first year when the majority ofworkloads(51%) shift to the cloud1

    Cloud applications bring competitiveadvantage to businesses

    By 2018, at Least Half of IT Spending Will BeCloud Based, Reaching 60% of All ITInfrastructure and 60-70% of All Software,Services, and Technology Spending by 20202

    Tomorrow

    http://www.zdnet.com/article/cisco-projects-data-center-cloud-traffic-to-triple-by-2017/http://www.idc.com/research/viewtoc.jsp?containerId=259850

  • Product Overview

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 12Public

    SAP Cloud Identity ServiceProduct overview

    SAP Cloud Identity service:

    Secure access via the internet

    Web & mobile Single Sign-On

    Identity Federation andAuthentication

    Social and strong authentication

    Central User Store

    Branding and policies

    User self-services

    On-premise integration

    SAP Cloud Identity

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 13Public

    SAP Cloud Identity ServiceBusiness-to-Consumer scenario

    Secure access and Single Sign-On across sites (based onSAML)

    User self-services Configurable User Registration form Account activation with email verification Password reset User Profile page

    Social Logon - Account linking/unlinking Unified user experience optimized for all devices Flexibility out-of-the-box Configurations per web application Branding (logo and colors) Own Privacy Policy and Terms of Use Password Policy

    Central User Management Import existing users

    Logon******

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 14Public

    SAP Cloud Identity ServiceBusiness-to-Employee scenario

    Secure access and Single Sign-On across cloud or on-premise web applications (based on SAML)

    Central User Management Rich choice of authentication methods: Two-factor Authentication and Mobile SSO Authentication against

    - Corporate User Store (LDAP, NW)- Other Identity Provider

    SPNEGO authentication - no login required afterauthentication in the corporate domain

    User self-services Account activation via email Password reset User Profile page

    Unified user experience optimized for all devices Flexibility of configurations per application Branding and Policies

    Logon******

    Corporate Network

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 15Public

    Secure Access and Single Sign-OnAccess to cloud and on-premise web applications

    SAP HANACloud Platform

    SAP S/4HANA,cloud

    Cloud Portal Sites

    SAP MobileDocuments

    Applications

    Logon

    other cloud

    SAP Cloud Identity

    Corporate Network

    ******

    Other

    SAPNetworkedLogistics Hub

    SAP MobileSecure SAP

    InnovationManagement

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 16Public

    Secure Access and Single Sign-OnWeb Single Sign-On

    SAP Cloud Identity

    1

    2

    3

    if correct

    browser

    new tab

    new tab

    Username

    ************

    Logon

    Identity Federation and Authentication User credentials give access to multiple applications Users have one username and password to remember Customers/Partners register once

    Developers dont need to build user management foreach in-house built application

    IT does not need to manage disconnected silos of usersfor each application

    Based on industry standard SAML 2.0 Authentication mechanisms applied centrallyWeb Single Sign-On Improved user productivity

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 17Public

    Authentication Methods and User Store Variants1. SAP Cloud Identity as a cloud user store

    Applications

    Other Cloud

    SAP Cloud Identity

    Logon

    ******

    Cloud User Store

    Suitable for all scenarios B2E, B2B,B2C

    Secure authentication and SSO forcloud and on-premise web apps

    Self-services as registration, forgotpassword, User Profile page

    Social logon and Two-FactorAuthentication

    Branding and policies per application Web User Management User groups Logon credentials email/userID/username password

    SAML

    SAML

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 18Public

    Authentication Methods and User Store Variants1. SAP Cloud Identity as a cloud user store - Logon

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 19Public

    Authentication Methods and User Store Variants1. SAP Cloud Identity as a cloud user store Registration

    or direct Register link

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 20Public

    Authentication Methods and User Store Variants2. Social Authentication

    Applications

    Other Cloud

    SAP Cloud Identity

    Social Media Authentication

    Suitable for B2C, B2B scenarios Enabling per application Linking and unlinking of Social

    accounts possible Logon credentials Social Media username Social Media password

    OAuth

    Social MediaIdPs

    SAML

    SAML

    Logon

    ******Logon

    ******

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 21Public

    For Business-to-Consumer or Business-to-Partner Scenarios

    Authentication Methods and User Store Variants2. Social Authentication Logon

    if logged in into Social media site

  • 2015 SAP SE or an SAP affiliate company. All rights reserved. 22Public

    Authentication Methods and User Store Variants3. Two-Factor Authentication with SAP Authenticator

    Applications

    Other Cloud

    SAP Cloud Identity

    Two-Factor Authentication withOne-Time Passwords

    Provides two means of identification Second factor required for high

    security scenarios (HR, Bank,sensitive data access, apps for powerusers)

    Configurable per application Mobile SSO with SAP Authenticator Logon c