- SAP HANA Admin Tutorial
- SAP HANA Admin - Home
- SAP HANA Admin - Overview
- Architecture Overview
- Multitenant Database
- Multiple Host Systems
- Tools
- Cockpit
- Studio
- SAP HANA Admin - System Mngmt
- Multitenant DB Container Mgmt
- Starting a HANA System
- Stopping a HANA System
- License Keys
- Monitoring the HANA System
- SAP HANA Admin - Table Mngmt
- SAP HANA Admin - Table Partition
- SAP HANA Admin - Table Replication
- Data Compression
- Solman Integration
- SAP HANA Admin - Lifecycle Mngmt
- Securing HANA System
- User Provisioning
- Authentication Methods
- Auditing Activities
- Backing Up HANA System
- Recovery HANA System
- HANA XS Application Service
- Data Provisioning
- Smart Data Access
- New Remote System Connection
- Integration with Hadoop
- Key Commands
- Job Responsibilities
- SAP HANA Admin Useful Resources
- SAP HANA Admin - Quick Guide
- SAP HANA Admin - Useful Resources
- SAP HANA Admin - Discussion
SAP HANA Admin - Authentication Methods
All SAP HANA users who have access to HANA database are verified with different Authentication methods. SAP HANA system supports various types of authentication methods and all these login methods are configured at the time of profile creation.
Following is the list of authentication methods supported by SAP HANA −
- User name/Password
- Kerberos
- SAML 2.0
- SAP Logon tickets
- X.509
User Name/Password
This method requires HANA user to enter the user name and password to login to database. This user profile is created under User management in HANA Studio → Security Tab.
Password should be as per password policy. For example - Password length, complexity, lower and upper case letters, etc. You can change the password policy as per your organization’s security standards.
Note − The password policy cannot be deactivated.
Kerberos
All users who connect to HANA database system using an external authentication method should also have a database user. It is required to map the external login to the internal database user.
This method enables the users to authenticate HANA system directly, using JDBC/ODBC drivers through the network or by using front-end applications in SAP Business Objects.
It also allows HTTP access in HANA Extended Service using HANA XS engine. It uses SPENGO mechanism for Kerberos authentication.
SAML
SAML stands for Security Assertion Markup Language and can be used to authenticate the users accessing HANA system directly from ODBC/JDBC clients. It can also be used to authenticate the users in HANA system, coming via HTTP through HANA XS engine.
SAML is used only for authentication purposes and not for authorization.
SAP Logon and Assertion Tickets
SAP Logon/assertion tickets can be used to authenticate the users in HANA system. These tickets are issued to the users when they login into SAP system, which is configured to issue tickets such as SAP Portal, etc. User specified in SAP logon tickets should be created in HANA system as it doesn’t provide support for the mapping users.
X.509 Client Certificates
X.509 certificates can also be used to login to HANA system via HTTP access request from HANA XS engine. Users are authenticated by certificates that are signed from trusted Certificate Authority, which is stored in HANA XS system.
The user in trusted certificate should exist in HANA system as there is no support for user mapping.
Single Sign On in HANA System
Single sign on can be configured in HANA system, which allows the users to login to HANA system from an initial authentication on the client. User logins at client applications using different authentication methods and SSO allows the user to access HANA system directly.
SSO can be configured using the following configuration methods −
- SAML
- Kerberos
- X.509 client certificates for HTTP access from HANA XS engine
- SAP Logon/Assertion tickets
You can also use SAP HANA Cockpit for performing user and role management tasks.
