Overview of Authentication and Access for SAP on Azure

This course illustrates how to leverage Azure authentication and access features to simplify and streamline users' experience using SAP running on Azure infrastructure. Azure Active Directory supports single sign-on to SAP applications, while role-based access control, a fundamental building block of Azure Resource Manager, enables system administrators to allow access to and protect the resources hosting an SAP environment.

Learning Objectives

  • Underlying concepts of authentication and access in an Infrastructure as a Service environment
  • Learn the steps required to set up Azure Active Directory Authentication with SAP applications
  • Learn how to apply role-based access control to an SAP environment
  • Use resource locks to add an extra layer of security to your infrastructure

Intended Audience

This course is intended for anyone who wants to boost security for their SAP environments on Azure, through the use of authentication and access practices.


There are no particular prerequisites required for this course other than a general understanding of user authentication and access.


Securing any system, cloud-based or on-premises, involves many elements or attack surfaces. Network, hardware, and operating system protections are, for the most part, invisible to users and have little impact on performance. It's the interface between humans and application software where system security becomes a double-edged sword and can generate friction between system users and system guardians. Protecting against non-users is, in principle, relatively straightforward. Intrusions are considered threats until proven otherwise, and system hardening is a discipline devoted to keeping known bad actors at bay.

On the other hand, legitimate users need entry to the system, which gives them access to an organization's data. Unfortunately, for a multitude of reasons, both intentional and accidental, employees can steal, alter, and destroy applications and data. SAP implemented in the cloud falls under a shared responsibility security model, where Azure secures the infrastructure, and application security is the customer's responsibility.

This diagram clearly illustrates how the Infrastructure as a Service model places more onus on the customer than the other two cloud paradigms, Software as a Service and Platform as a Service. We can see that identity and account access fall squarely within the customer's domain.

As SAP landscapes are complex, so too is user administration, where authentication and access to multiple resources and applications have the potential to become onerous for administrators and users alike. The ingress point to an Azure-based SAP system is accessing the host cloud resources, so it makes sense to put user validation here. Let's see how Azure's authentication and access models can be integrated with SAP to provide a more secure and easier-to-manage environment.

About the Author

Hallam is a software architect with over 20 years' experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.