My company is beginning the process of implementing BW,CRM, etc. I believe that eventually, we will be incorporating all of our systems to Enterprise Portal, including R/3. I have multiple questions and I cannot find enough information.
-Is the eDirectory (LDAP) required to using EP?
-Is CUA required to using the eDirectory (LDAP) or is it an option?
-Does CUA support single sign-on? If not, do we need a 3rd party product?
-Do we need to have single sign-on active in our CUA Central client in order to use eDirectory? If not, then how does the Central client keep track of all the passwords. Isn't CUA required - the Central client - in order to connect to the eDirectory? Instead of all SAP systems/clients connecting to eDirectory individually?
-Do I understand correctly that EP will accept R/3 modules?
Requires Free Membership to View
When you register, you will start receiving targeted emails from my award-winning team of editorial writers. Our goal is to keep you informed on the hottest topics and biggest challenges faced by SAP professionals today.
Hannah Smalltree, Editorial Director
Get ready for a roller coaster ride. I'm not sure what portal you are going to be implementing: EP5 or EP6 but from a security point of view, they both deal with roles differently. While one is more secure it lacks functionality that the ladder was shipped with. I think what you will find: is that nothing quite works the way it should and that SAP is still learning about the product itself.
Let me begin by saying there is a lot I don't know about the portal either EP5 or EP6 (it is nothing like Workplace 2.0). So I will do my best to focus on what I do know (any consultant today saying differently, is lying).
The portal should be able to authenticate from any directory, my recommendation would be using Active Directory for authentication simply because many companies already have it. The portal also requires a user to role directory which can be CUA or can be fed from CUA. The portal does not have to have CUA implemented… although if you have already invested sweat and money into CUA I would recommend further leveraging the technology. CUA does not and never has done SSO, the portal uses SAP logon tickets for managing SSO, which is standard in all 6.20 releases of R/3. You can (and I recommend) using a third party product (such as Netegrity) for any SSO from the portal to non-SAP applications.
The portal is basically a window into other SAP systems. It by no means supplants any downstream system. You still have to build roles/activity groups and profiles in R/3 and new dimension products individually. Think of the portal as another layer of user interface and permissions on top of SAP. Yes, the portal will work with SAP R/3 (any module). Thus far many companies have chosen to use Web Gui, launched out of the portal rather than creating custom pages and iviews for standard SAP R/3 transactions. But, this is a maturity thing, and in the future I anticipate that many companies will merge R/3 transaction components into singular iviews/pages for an enhanced user experience.
I am quite certain that I will get a lot of questions about best practice security for EP6. Let me be clear: I don't think there is a best practice yet; many companies and the consultants helping those companies are only beginning to understand how to get all of the components, both Security and Usability to work together in unison. I will do my best to respond to questions like this one in the future… but I may be wrong.
After all it is only an opinion.
This was first published in March 2004