sap cloud identity overview presentation · sap hana platform sap netweaver application server sap...

49
SAP Cloud Identity Service Secure Authentication, Single Sign-On and User Management in the Cloud December 2015

Upload: dangkhue

Post on 01-Jul-2018

285 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

SAP Cloud Identity ServiceSecure Authentication, Single Sign-On and User Management in the Cloud

December 2015

Page 2: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

Introduction

Page 3: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 3Public

SAP Cloud Identity ServiceIn the SAP IT application security product portfolio

SAPBusiness

Suite

SAP CloudApplications

SAP MobileApplications

3rd PartySystems

SAP HANA Platform SAP NetWeaver Application Server

SAP AccessControl

SAP IdentityManagement

Make it simple for users to dowhat they are allowed to do.

Know your users and whatthey can do.

SAP SingleSign-On

Ensure corporatecompliance to

regulatory requirements.

PlatformSecurity

Make sure that SAPsolutions run securely

SAP EnterpriseThreat Detection

Counter possible threats andidentify attacks.

Add-On for CodeVulnerability

Analysis

Find and correctvulnerabilities in customer

code.

SAP CloudIdentity service

Manage the identity life-cyclein the cloud.

Page 4: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 4Public

Capabilities

SAP Cloud Identity ServiceIn the SAP HANA® Cloud Platform landscape

Integration User Experience Analytics

Dev & Ops Security Collaboration

Data & Storage Business Services Mobile

Internet of Things

SAP HANA® Cloud Platform(PaaS)

Runtimes

HANA XS

HCP Servers (IaaS)1

2

1) beta functionality 2) planned innovations / future direction

On-Premise /Managed Cloud

SaaS

SAP S/4HANA

SAP BusinessSuite

SAP BusinessWarehouse

SAP S/4HANA

SuccessFactors

SAP Cloud forCustomer

SAP Data Centers

Ariba

Hybris

Concur

Page 5: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 5Public

RealtimeMobile

Today’s world is…

Always-on

Page 6: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 6Public

Today

...anytime and anywhere,

business people….

Page 7: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 7Public

sharepresent reviewdecide

travel

prepareapprovereadwrite

negotiatelearn

show

sellview

Today

purchase

Page 8: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 8Public

Username

************ Logon

…need access to many applications…

Today

…take a coffee and logon

at their workplace or outside

”80% of employees report needingaccess to work documents from outsidethe office”1

1. BusinessWire.com “New Survey Finds Over Half of Employees Use Unauthorized Consumer Based File-Sharing Apps at Work” (SkyDox survey)

Page 9: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 9Public

…how manytimes a day

Today

… how manypasswords to

remember?

Username

************

Logon

Username

************

Logon

Username

************

Logon

Username

************

Logon

Username

************ Logon

Username

************ Logon

Username

************ Logon

Page 10: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 10Public

Today

49%51%

Traditional Data Centers

Cloud Data Centers

1. Cisco Study http://www.zdnet.com/article/cisco-projects-data-center-cloud-traffic-to-triple-by-2017/2. IDC FutureScape: Worldwide IT Industry 2016 Predictions — Leading Digital Transformation to Scale

“2014 is the first year when the majority ofworkloads(51%) shift to the cloud”1

Cloud applications bring competitiveadvantage to businesses

“By 2018, at Least Half of IT Spending Will BeCloud Based, Reaching 60% of All ITInfrastructure and 60-70% of All Software,Services, and Technology Spending by 2020”2

Tomorrow

Page 11: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

Product Overview

Page 12: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 12Public

SAP Cloud Identity ServiceProduct overview

SAP Cloud Identity service:

ü Secure access via the internet

ü Web & mobile Single Sign-On

ü Identity Federation andAuthentication

ü Social and strong authentication

ü Central User Store

ü Branding and policies

ü User self-services

ü On-premise integration

SAP Cloud Identity

Page 13: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 13Public

SAP Cloud Identity ServiceBusiness-to-Consumer scenario

ü Secure access and Single Sign-On across sites (based onSAML)

ü User self-services§ Configurable User Registration form§ Account activation with email verification§ Password reset§ User Profile page

ü Social Logon - Account linking/unlinkingü Unified user experience optimized for all devicesü Flexibility out-of-the-box§ Configurations per web application§ Branding (logo and colors)§ Own Privacy Policy and Terms of Use§ Password Policy

ü Central User Management§ Import existing users

Logon******

Page 14: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 14Public

SAP Cloud Identity ServiceBusiness-to-Employee scenario

ü Secure access and Single Sign-On across cloud or on-premise web applications (based on SAML)

ü Central User Managementü Rich choice of authentication methods:§ Two-factor Authentication and Mobile SSO§ Authentication against

- Corporate User Store (LDAP, NW)- Other Identity Provider

§ SPNEGO authentication - no login required afterauthentication in the corporate domain

ü User self-services§ Account activation via email§ Password reset§ User Profile page

ü Unified user experience optimized for all devicesü Flexibility of configurations per applicationü Branding and Policies

Logon******

Corporate Network

Page 15: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 15Public

Secure Access and Single Sign-OnAccess to cloud and on-premise web applications

SAP HANA®

Cloud Platform

SAP S/4HANA,cloud

Cloud Portal Sites

SAP MobileDocuments

Applications

Logon

other cloud

SAP Cloud Identity

Corporate Network

******

Other

SAPNetworkedLogistics Hub

SAP MobileSecure SAP

InnovationManagement

Page 16: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 16Public

Secure Access and Single Sign-OnWeb Single Sign-On

SAP Cloud Identity

1

2

3

if correct

browser

new tab

new tab

Username

************

Logon

Identity Federation and Authenticationü User credentials give access to multiple applications§ Users have one username and password to remember§ Customers/Partners register once

ü Developers don’t need to build user management foreach in-house built application

ü IT does not need to manage disconnected silos of usersfor each application

ü Based on industry standard – SAML 2.0ü Authentication mechanisms applied centrallyWeb Single Sign-Onü Improved user productivity

Page 17: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 17Public

Authentication Methods and User Store Variants1. SAP Cloud Identity as a cloud user store

Applications

Other Cloud

SAP Cloud Identity

Logon

******

Cloud User Store

ü Suitable for all scenarios B2E, B2B,B2C

ü Secure authentication and SSO forcloud and on-premise web apps

ü Self-services as registration, forgotpassword, User Profile page

ü Social logon and Two-FactorAuthentication

ü Branding and policies per applicationü Web User Managementü User groupsü Logon credentials§ email/userID/username§ password

SAML

SAML

Page 18: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 18Public

Authentication Methods and User Store Variants1. SAP Cloud Identity as a cloud user store - Logon

Page 19: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 19Public

Authentication Methods and User Store Variants1. SAP Cloud Identity as a cloud user store – Registration

or direct Register link

Page 20: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 20Public

Authentication Methods and User Store Variants2. Social Authentication

Applications

Other Cloud

SAP Cloud Identity

Social Media Authentication

ü Suitable for B2C, B2B scenariosü Enabling per applicationü Linking and unlinking of Social

accounts possibleü Logon credentials§ Social Media username§ Social Media password

OAuth

Social MediaIdPs

SAML

SAML

Logon

******Logon

******

Page 21: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 21Public

For Business-to-Consumer or Business-to-Partner Scenarios

Authentication Methods and User Store Variants2. Social Authentication – Logon

if logged in into Social media site

Page 22: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 22Public

Authentication Methods and User Store Variants3. Two-Factor Authentication with SAP Authenticator

Applications

Other Cloud

SAP Cloud Identity

Two-Factor Authentication withOne-Time Passwords

ü Provides two means of identificationü Second factor required for high

security scenarios (HR, Bank,sensitive data access, apps for powerusers)

ü Configurable per applicationü Mobile SSO with SAP Authenticatorü Logon credentials§ email/userID/username§ Password

+§ 6 digit One-Time Password generated on

a mobile device

SAML

SAML

Logon

******Logon

passcode

username

Page 23: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 23Public

Authentication Methods and User Store Variants3. Two-Factor Authentication with SAP Authenticator

Based on SAP Authenticator (free) Mobile Appü Generates 6-digit One-Time Passcodesü Available for iOS and Androidü RFC 6238 compatibleü Enables Mobile SSO

Page 24: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 24Public

For Business-to-Partner or Business-to-Employee Scenarios

Authentication Methods and User Store Variants3. Two-Factor Authentication with SAP Authenticator

SAP Authenticator(free app - iOS and

Android)

Page 25: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 25Public

Authentication Methods and User Store Variants3. Mobile Single Sign-On for applications with Two-Factor Authentication

1

3. Subsequent Logons to thisapplication via SAP Authenticatorwon’t require entering Username,One-Time Passcode and Password (ifRemember me marked)

Username

************

Logon

ü Remember me

Onetime setup:1. Add a web application to SAP

Authenticator2. Open the application from the SAP

Authenticator – enter password andoptionally mark Remember me

Prerequisites:The user has activated the mobile device for Two-factor Authentication on SAP AuthenticatorThe application has Two-Factor Authentication enabled and IdP-Initiated SSO is enabled on Tenant level

3

2

Page 26: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 26Public

Authentication Methods and User Store Variants4. SAP Cloud Identity as a proxy to a Corporate Identity Provider

CorporateIdentityProvider

Applications

Other Cloud

SAP Cloud Identity

Corporate Network

SAML Identity Provider Proxyü Authentication to cloud applications is

redirected to corporate Identity Providerlogin

ü Reusing existing corporate identityinfrastructure

ü Easy and secure authentication forexternalized Business-to-Employee(B2E) scenarios

ü Identity Provider options:§ SAML 2.0 compliant IDP§ SAP SSO(benefit from native apps, web and

mobile SSO)§ Microsoft ActiveDirectory FS 2.0

ü Logon credentials§ IDP username§ IDP password

SAML

SAML

Logon

******

Page 27: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 27Public

Applications

SAP Cloud Identity

Corporate Network

Corporate On-premise User Storeü Users Credentials from:§ MS Active Directory§ Different User Stores – via SAP NetWeaver

AS JAVA- with SAP SSO -> to SAP NetWeaver AS ABAP- multiple Microsoft Active Directories

ü Replication and synchronization of userrecords to the cloud not required

ü Internal network ports do not need to beexposed to the Internet

ü External users can register and can bestored in the cloud

ü All SAP Cloud Identity features can beused: Branding, customizations andpolicies, 2FA

Prerequisites§ SAP HANA ® Cloud Platform Account§ SAP Cloud Connector

Authentication Methods and User Store Variants5. Corporate on-premise user store

Tunnel

SAP HANA®

Cloud Platform

or

SAP NWJAVA

SAP SSO

LDAP+

AS ABAP

SAML

Logon

******

Page 28: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 28Public

Authentication Methods and User Store Variants5. Corporate on-premise user store - Logon

LDAP credentials

or

cloud credentials

Page 29: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 29Public

Applications

SAP Cloud Identity

Corporate Network

SPNEGO* Authenticationü Users authenticated with Corporate LDAP

Credentials on their Desktops are gettingSingle Sign-On to cloud applicationswithout the need to enter their credentials

ü Reusing existing corporate identityinfrastructure

ü Secure authentication and SSO for cloudand on-premise web apps

ü Increase user productivity in B2EScenarios

Authentication Methods and User Store Variants6. SPNEGO Authentication

LDAP

AS AAP

Corporate LDAPcredentials

Kerberostoken

*Simple and Protected GSSAPI Negotiation Mechanism

HTTPS (SPNEGO)

SAML

Page 30: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 30Public

Logon

******

LDAP Credentials

1

2

without login

Corporate Network

Authentication Methods and User Store Variants6. SPNEGO Authentication

For Business-to-Employee Scenarios inside Corporate Network

Page 31: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 31Public

ü Forgot passwordü Configurable self-registrationü User Profile page§ Mobile device activation (for 2FA)§ Change password

ü Account activationü Upgrade accountü Invitation and on-behalf

registration (via REST API)

User Self-Services

Page 32: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 32Public

Branding and CustomizationConfigurable per application

ü Logo and Colors§ On UIs§ In e-mails

ü Terms of Use & Privacy policyü Password policyü Multi-language support

DE, EN, ES, FR, JA, KO, NL, PL, PT, RU, ZH

Responsive UIs

Page 33: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 33Public

Branding and CustomizationConfigurable Registration Form per application

More info: Documentation

Page 34: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 34Public

Access Levels and Authentication MethodsConfigurable per application

Public Access+ Social Logon forCustomers/Partners

Strong Authentication with a second factor -One-Time Passcode

Private Access

SAP Authenticator(free app - iOS and

Android)

Page 35: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 35Public

Administration Console FunctionalityOverview

Applications Configurationsü Identity Provider and SAML settingsü Application accessü Authentication optionsü Policies – ToU, Privacy, Passwordü Branding(logo and colors)ü Email templatesü Registration form(add fields)

User Managementü Administrators (users and admin roles)ü User administrationü User groupsü Users Import per applicationü Users Downloadü APIs – SCIM User Search, Invite,

Register

Usage ReportingChange Logsü CSV download

Responsive UI (SAP Fiori)

Page 36: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 36Public

Administration Console FunctionalityUser Management

Page 37: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 37Public

Administration Console FunctionalityUser Management

Page 38: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 38Public

Administration Console FunctionalityAdministrators Roles

Page 39: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 39Public

SAP HANA® Cloud Platform and SAP Cloud Identity IntegrationEasy SAML Trust configuration with just a click of a button

Trust configuration integration:ü The Trust can be easily configured in the

SAP HCP Cockpit Trust section - SAPCloud Identity will be added as defaultTrusted IDP just by clicking a button

ü In SAP Cloud Identity Admin Console –the SAP HCP account is added as anapplication (SP)

ü Customers have Login out-of-the-box toprotected SAP HCP applications andother SAP HCP services

SAP HCP Account

*For customers using SAP Cloud Identity and SAP HANA® Cloud Platform

Page 40: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

Enterprise Aspects

Page 41: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 41Public

SAP Cloud Identity runs in SAP manageddatacenter infrastructure§ World-class data center located in:

§ St. Leon-Rot (2) and Walldorf

§ Advanced network security§ Reliable data backup§ Built-in compliance, integrity, and confidentiality

SAP Cloud Identity Data Center Presence

SAP Cloud Identity Data Centers

Rot/Walldorf

http://www.sapdatacenter.com/ SAP HANA Cloud Data Centers

Ashburn

Sydney

Phoenix

Page 42: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 42Public

AuthenticateVarious authentication

methods possible

ProtectPassword policies and

option to use strongauthentication

CentralizeManage centrallyuser profiles and

the user access toapplications

EncryptData encryption fordata-in-motion and

sensitive data-at-rest

SAP Cloud Identity Security Aspects

Page 43: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 43Public

SAP Cloud Identity Enterprise Service Levels

24/7Global Support

99.9%Service Availability

2 weeksRelease Cycle

Page 44: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

Customer Reference

Page 45: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 45Public

SAP Runs SAP: Enabling Simple and Secure Authenticationand Identity Management with SAP® Cloud Identity

CompanySAP SE

HeadquartersWalldorf, Germany

IndustryHigh tech

Products and ServicesEnterprise software and services

Employees74,000

Revenue€16.82 billion

Web Sitewww.sap.com

Objectives� Offer single sign-on (SSO) to applications for SAP employees for things like HR tasks, external cloud applications like

the SAP® Jam™ social software platform, and public Web sites like www.sap.com� Avoid disconnected silos of users for every site or application� Strengthen security by unifying authentication across the enterprise� Avoid multiple logins for employees and multiple registrations for external users� Reduce total cost of ownership (TCO)

Resolution� Developed a central authentication and SSO software-as-a-service based on open industry standards and protocols� Created a universal user interface that supports all devices, from smartphones to desktop computers� Authenticated external users through a cloud user store and SAP employees through an on-premise corporate user

store� Onboarded more than 1,000 applications with SAP’s tenant of the SAP Cloud Identity service� Offered SAP Cloud Identity as the authentication, SSO, and user management security service for SAP HANA® Cloud

Platform

Benefits� Improved internal and external user productivity and the user experience through uniform logon and SSO to cloud

applications� Simplified access via social logon and self-services like registration and password reset for SAP customers and

partners� Increased security through centralized user management and password policy enforcement� Lowered TCO and reduced risks with a single authentication and user management system that replaced the various

systems across the enterprise and cloud

>8.5 millionRegistered users

~1,000Applications onboarded

~150,000Active users every week

“SAP Cloud Identity service is a great catalyst for our transition to a cloud company. It combines secureauthentication and efficient identity management for all of our target groups: employees, customers,partners, and public users.”Charles Carney, Project Lead, SAP IT, SAP SE

Page 46: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 46Public

SAP Runs SAP: SAP Cloud Identity Service @SAPSecure logon and SSO for internal and external websites and apps

>8,5 mil registered users

~1000 applications

Community Network~150,000 active users/week

public websites and SAP internal apps

http://sap.com

https://www.sapstore.com/Jam

HANA® Cloud Platform

+ many others

Page 47: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

Further Information

Page 48: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 48Public

SAP Cloud Identity ServiceUseful Information

SAP Cloud Identity on hcp.sap.comSAP Cloud Identity on SCNSAP Cloud Identity Service - Solution BriefSAP Cloud Identity Roadmap on SAP Service Market Place (SMP)

Video Tutorials via SAP HANA Academy SeriesSAP Cloud Identity online helpSAP Cloud Identity How-to Guides on SCNSAP Cloud Identity Demo in SAP Demo Store

Page 49: SAP Cloud Identity Overview Presentation · SAP HANA Platform SAP NetWeaver Application Server SAP Access Control SAP Identity Management ... Product overview SAP Cloud Identity service:

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 49Public

© 2015 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or anSAP affiliate company.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE(or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademarkinformation and notices.

Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.

National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or itsaffiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE orSAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothingherein should be construed as constituting an additional warranty.

In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop orrelease any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible futuredevelopments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time forany reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to placeundue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.