5 SAP HANA Authentication Methods – Must Know for User Verification

After getting a fair idea of SAP HANA Sidecar, let us explore the different security functions involved in the entire SAP HANA security framework. One such security function used at the initial stages of working with SAP HANA is the user authentication.

SAP HANA Authentication Methods

So, stay with us as we learn about user authentication and different authentication methods in SAP HANA.

SAP HANA Authentication

Any user who has access rights to use SAP HANA database is verified for authenticity before granting access. The authentication process involves the verification of the authentic identity of the user. In SAP HANA, there are mainly five different authentication methods. We will discuss all the different authentication modes in detail.

  • User Name/Password
  • Kerberos
  • Security Assertion Markup Language (SAML 2.0)
  • SAP Logon and Assertion Tickets
  • X.509

Some of these authentication methods play an important role in integrating or incorporating the SSO (Single Sign-On) environments into SAP HANA.

Authentication Methods in SAP HANA

SAP HANA Authentication methods availability

1. User name/ Password

In this method, you have to enter your user name and password to get access into the HANA system. It is the most basic way of authenticating users. With the help of a stored profile specific to you under the Security Tab (in User Management section) of SAP HANA Studio, the system will verify the user name and password. You must create the password according to the password policy of the company or the standard password policy. A password policy decides a password length, complexity, use of special characters, lower and upper case, etc. It is compulsory for the system to have a password policy and thus you cannot deactivate it in HANA user authentication.

2. Kerberos

The Kerberos method enables direct authentication of a HANA user using external authentication methods. The system will map external login to your SAP HANA user profile and external platforms will directly authenticate you in SAP HANA. For example – You can authenticate yourselves via JDBC/ODBC drivers through a network connection or using SAP Business Object which is a front-end application.

In addition to this, user authentication in SAP HANA XS is also possible for HTTP access. This process uses HANA XS engine and SPENGO mechanism to carry out Kerberos authentication.

3. SAML 2.0

SAML i.e. Security Assertion Markup Language authenticates users who request direct access to SAP HANA from ODBC/JDBC clients. Although, SAML is only for authentication purposes and not for authorization purposes. In addition to directly authenticating ODBC/JDBC clients, this method also authenticates users who want to access HANA from HTTP using a HANA XS engine.

4. SAP Logon tickets and SAP Assertion Tickets

The two ticket-based methods are native to SAP HANA and are only for native SAP HANA users as it does not map user information into SAP HANA from external applications. Thus, the logon tickets and assertion tickets method is a direct way of user authentication. The users requesting access to SAP HANA system are issued user specific tickets using which they get access into the system. It is important that the user tickets gets created in the SAP HANA system.

5. X.509

This method is again an indirect way of authenticating users to let them access SAP HANA. The users requesting access into the SAP HANA database from SAP HANA XS system via an HTTP request are assigned user-specific X.509 certificates. These certificates are created and signed by the trusted certification authority and thus are a legitimate mode of authentication. The user to which a certificate is assigned for authentication must have a profile stored in SAP HANA for verification. It is because this method does not map user data from external sources into SAP HANA.

Summary

This comes to the end of our explanation of the different authentication methods used in SAP HANA. In the next tutorial, we will be discussing another aspect of SAP HANA security known as authorization.

Any queries or feedbacks? Drop in the comments section. We will be glad to help you.

Stay tuned with us and explore further tutorials on SAP HANA.

Time to test your SAP HANA knowledge – SAP HANA Online Quiz

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.