sap and mobility - usf · sap and mobility mederic leborgne/sap hana cloud platform and mobility...
TRANSCRIPT
SAP and MobilityMederic Leborgne/SAP HANA Cloud Platform and Mobility presales
October, 2016
CUSTOMER
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 2Customer
Agenda
Big Pictures
Mobility on SAP HANA Cloud Platform
SAP HANA Cloud Platform, mobile services
Elements of an Enterprise Mobility Management (EMM) Solution
• Mobile App Lifecycle Management
• Mobile Device Management
• Mobile Content Management
• Mobile Identity
Mobility in Digital Transformation
The Big Picture
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 4This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Value creation in the digital economy begins with ubiquitous mobility
Digital TransformationThe Next Revolution
Mobile
Social
In-Memory
Computing
Machine
Learning
Cloud
Internet
of Things
Big Data
Hyper
Connectivity
Digitization of data and interactions increasing at an
exponential pace.
Mobile, Internet of Things and Hyper-connectivity
enabling immediate access to every “thing”
Cloud enabling digitization with commodity storage,
and on-demand computing at scale
In-Memory changing the speed of computing and
delivering the vision of real time
Big Data and Machine learning technologies
changing how data is being analyzed with predictive
analytics
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 5This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
SAP HANA PLATFORM
CustomerExperience
WorkforceEngagement
Supplier& Business Networks
IoT & Big Data
Digital Core
Leverage Mobile Apps to allow convenient access to Digital Core
Leverage Mobile Apps to streamline or even reinvent digital E2E Processes…
Transforming key Processes with MobileMobile allows digital transformation to impact the ‘Moment of Truth’
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 6This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
The Mobility JourneyMany Starting Points, Many Paths
Business
Process Expert Developer
Outsourced Internal
Cloud On-Premise
Mobile App
Development
Enterprise
Mobility
Management
IT
Lin
e o
f B
usin
ess
Organizations embark on their
mobility journey from different
starting points.
Organizational
Priorities
Business
Drivers
Skill Sets
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 7This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
SAP Mobile Strategy – Focus AreasHelping customers establish Mobility as key pillar of their transformation
User Experience and Fiori
Mobility on SAP HANA Cloud
Platform
Mobile Developer Experience
Mobile PlatformOn-Premise
Key focus areas shaping mobile platform strategy,
investment and technologies at SAP.
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 8This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Unlocking the Power of SAP HANA Cloud Platform for mobile
S/4HANA
SAP HANA Cloud Platform
3rd
PartySAP other
Mobile Servicese.g. authentication,
push, location, off-line
Business Servicesleveraging HCP Services,
e.g. gamification, loyalty
Custom Business
Logic and StorageLeveraging HANA, Java,
Node.js, etc.
Reusable Integrationto SAP and non-SAP
back-ends (HCI)
API ManagementAPI catalogues,
API governance
AnalyticsAdvanced analytics
services and visualization.
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 9This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
iOS Android Windows Phone OSX
• iPhone
• iPad
• Apple Watch
• iOS 6.0.x - 9.X
• Android phones &
tablets
• Android 4.0.x-6.0.x
• Android for Work
• Samsung KNOX
Standard
• LG Gate
• Windows Phone 8.1
& 10
• Support for self-
service configuration
file distribution for
BYOC
• Mac 10.X+
Wide support for mobile devices
See help.sap.com/mobilesecure system requirements for the current supported devices
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 10This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Everything starts in the CloudControls for managing users, devices, apps and data
• Easy to trial and manage from the HCP Cockpit
• Role based administration and reporting on
devices, apps, users, and security events
• Enterprise integration & connectivity to HCP
services and on premise systems
• Leverages standard HCP administrative controls
Mobility on SAP HANA Cloud Platform
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 12This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
SAP HANA Enterprise Cloud(HEC) Private Managed Cloud
SAP HANA Cloud Platform(PaaS)
SAP Cloud Apps(SaaS)
BuildNew Digital Apps
ExtendOn-premise &
Digital Apps
IntegrateEverything
Run mission critical SAP
applications in the cloud
SAP Cloud Infrastructure
SAP: The Cloud Company Powered by SAP HANA
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 13This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
SAP HANA Cloud PlatformThe Enterprise Capabilities You Need to Succeed in the Cloud
Business ServicesMobileSecurity Data & Storage Dev & Ops
User Experience Internet of ThingsIntegrationCollaboration Analytics
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 14This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Platform Services: MobilityValue Proposition
App Logic
UX
Screen Flow
Interactivity
Enterprise
Governance
Security
Integration
Manageability
Supportability
Development focus is on delivering
business value-- application logic and
user experience.
But this represents a fraction of the
effort involved in enterprise mobility:
Authentication &
authorization
Backend integration
Security – devices, data,
communications
Disconnected access &
synchronization
Push notifications
High availability & fault
tolerance
Scalability
User onboarding and
support
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 15This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Platform Services: MobilityDeveloper Choice – Use the right tool for the job
Hybrid/Fiori
Apache Cordova
SAP Web IDE
SAP SDK plugins
Native
OS Vendor IDE
SAP SDK
Web/Fiori
SAPUI5
OpenUI5
3rd partyframeworks
Metadata Driven Apps
Codelessmodifications
Non-developeruser
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 16This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Mobile App DevelopmentImmersive End-to-End DevOps Tool Chain
Discover Prototype Develop Test Package Deploy Extend
Device Test
Cloud
SAP Web IDE
Business
Expert
CoderDesigner
SAP Fiori
Mobile SDK
Cloud Build
Fiori
Extensibility
SAP HANA Cloud Platform, mobile service for development and operations
SAP HANA Cloud Platform, mobile service for app and device management
SAP HANA Cloud Platform, mobile service for SAP Fiori
Other relevant SAP HANA Cloud Platform services
SAP HANA Cloud Platform, mobile services
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 18This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Platform Services: MobilitySAP HANA Cloud Platform mobile service for development and operations
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 19This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Platform Services: MobilitySAP HANA Cloud Platform, mobile service for app and device management
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 20Internal
SAP HANA Cloud Platform,
mobile service for app and device management
An integrated Enterprise Mobility Management (EMM) solution running on SAP HANA Cloud Platform,
leveraging the real-time processing power of SAP HANA.
Key capabilities
• Branded, multi-channel, self-service enterprise app store
• Serve employees, partners and contractors
• Mobile app and device lifecycle management
• Streamline publishing, analysis and management of
apps/services
• Support for iOS, Android and Windows mobile platforms
Benefits
• Increase mobile app adoption
• Lower the overall cost of supporting enterprise mobility
• Improve enterprise compliance and security
Read more: SAP HANA Cloud Platform, mobile service for app and device management
SAP HANA Cloud Platform
App & Device Management
• Analysis
• Compliance
• Remediation
• Reporting
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 21Internal
SAP HANA Cloud PlatformThe Quickest Path to Innovative Mobile Apps & Digital Transformation
Build
New Mobile &
Digital Apps
Extend
Mobile, Digital &
On-premise Apps
Integrate
Everything
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 22This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Platform Services: UX
SAP Fiori
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 23This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Platform Services: UXSAP HCP mobile service for SAP Fiori
Purpose-built to optimize SAP Fiori use
cases for mobile:
Provide end users with the best possible mobile
experience
Simplify supporting use cases that go beyond
accessing Fiori apps from a web browser
Provide secure and seamless integration with
complex Fiori deployment scenarios
Provide a simple way for administrators to
manage, secure, enable and test Fiori apps and
their lifecycle
Develop/ Extend
Build &Test
Package &
Distribute
Discover &
Install
Run & Enjoy
Monitor
HCP
mobile
service for
SAP Fiori
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 24This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Platform Services: IntegrationSAP HANA Cloud Connector
The SAP HANA Cloud Connector allows a secure integration with on-premise systems. This enables easy integration of
the on-premise data with the SAP HANA Cloud Platform.
Key capabilities
On-premise agent establishes secure SSL VPN connection
between the SAP HANA Cloud Platform and on-premise
systems
Supports pre-configured “Destination API” and certificate
inspection to safeguard against forgeries
Supports multiple protocols (HTTP, RFC, JDBC), high
availability and principal propagation
Benefits
Complementary to SAP Gateway, HANA Cloud Integration
and 3rd party integration suites both on-premise and in the
cloud
Internet
Cu
sto
me
rS
AP
HA
NA
Clo
ud
Pla
tfo
rm Applications on
SAP HANA
Cloud Platform
HTTPS
Cu
sto
me
r
SSL TunnelFirewall
Internet
FirewallSAP HANA
Cloud Connector
ECC CRM HCM
On-Premise Network
Read more: SAP HANA Cloud Connector
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 25This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Platform Services: IntegrationSAP API Management
SAP API Management on HANA Cloud Platform provides simple, scalable and secure access to digital assets and
enables engagement of employees and developers.
Key capabilities
Unified standards based API access of REST/OData or
SOAP services
Enterprise Grade Security for the APIs against attacks like
DoS, CSRF, XSS etc.
Real-time insights & analytics on the APIs traffic, usage,
error reporting and monitoring
Benefits
Platform for engaging with and enabling employees and
developers - internal and external
Read more: SAP API Management
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 26This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
SAP HANA® Cloud Platform, integration serviceLowers cost, increases speed, and enhances simplicity for our customers
Cloud-to-cloud and
cloud-to-on-premise
Prepackaged integration content hub:
“Discover, Configure, Manage”
Multi-tenancy, rolling software
updates, horizontal scalability,
subscription-based
Strong focus on security including
data isolation
Complements SAP Process
Orchestration
Open to partners – projects, content,
and connectivity adaptersSAP
On Premise3rd Party
On Premise
3rd Party
Cloud Solutions
Engineered
for the CloudPrepackaged
Integration Flows
Community and
MarketplaceMulti-level
Security
SAP Cloud Applications
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 27This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement
Customer
Apple & SAP Partnership Announcement
A strategic partnership between Apple and SAP to transform the mobile work experience for
enterprise customers of all sizes.
SAP will create Industry lighthouse
Apps, with an initial focus on Asset
Industries, Retail, Healthcare and
Professional Services, supported by
Apple’s Innovation Labs
SAP and Apple will jointly develop
and iOS/SAP Academy
SAP will create an iOS SDK for HCP
that enables SAP development,
customers, and partners to build,
extend and run apps
Mobile App Lifecycle ManagementThe administrative user experience
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 29Internal
Mobile App Management
Branded, multi-channel, localized, self-service app store experience to
serve employees, partners and consumers
Publishing, analysis and ongoing management of apps and services – to
both managed and unmanaged devices
App discovery through categorization, ratings and reviews and end user
personalization
Automatically direct out of compliance users to download the appropriate
MDM solution before downloading apps and services
Advanced app level security capabilities, remote app configuration and
policy deployment
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 30Internal
Mobile App ManagementMobile app types supported
Enterprise Apps
• Publish apps developed by an
enterprise or software vendor
• SAP Fiori mobile apps
• Support for end user supplied
documents, screenshots, videos
• Android for Work, Samsung SAFE
and iOS: MDM deployment via MDM
server, other Oss OTA via direct
download
Web Clips
• Publish managed Web based
resources
• Support for end user supplied
documents, screenshots, videos
• iOS MDM devices: option to provide
resource as iOS Webclip
• “My Websites” used for organization
within Mobile Place
Commercial App Store Apps
• Apple App Store, Google Play,
Windows Phone Store apps
supported
• Commercial Volume Purchase
Programs supported.
• Supports videos, documents,
screenshots as supported material
• App Name, App Icon, sample
screenshots and App Description
retrieved automatically.
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 31Internal
Manage the lifecycle of mobile apps
Add Apps •Volume purchase and centrally deploy / reconcile
•Publish enterprise apps, app store apps, web apps, SAP Fiori apps to Mobile Place
Deploy Apps•Make apps required/available
•Automatically install/manage apps based on user and current device state
Configure Apps•Automate server/app connection details and policy deployment
•Support AppConfig Community for iOS and AFW apps (support managed app config)
Protect Apps•Set copy/paste controls, data sharing controls, compromise tests, or wrap apps*
Retire Apps•Force upgrade or removal of app to be retired
* Some app protection capabilities may require additional licensing
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 32Internal
App Catalog Administration
• Role based Administration:
• App Catalog Admin
• App Catalog Publisher
• Reporting Admin
• Mobile Place User
• Support for mobile app:
• Private trials & betas
• Social and IT/Dev feedback
• App version management: updates,
multiple versions, retire/expire
• Support for adding additional security to
‘enterprise apps’ prior to publishing to
production
• Support for pre-production app testing
on real devices on real networks
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 33Internal
App Catalog AdministrationSettings Management
• Define app publishing meta data
• Details – including name,
description, language, featured
app, MDM versus Non or both,
• Groups – who gets the app
• Multimedia – supporting
graphics media for app
• Support for private trials & betas
with feedback loops for IT and App
Developers
• Support for adding additional
security to ‘enterprise apps’ prior to
publishing to production
• Support for pre-production app
testing on real devices on real
networks
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 34Internal
App Catalog AdministrationTest the app on real devices
Select action on app
to initiate testing
workflow
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 35Internal
App Catalog ManagementCreate a catalog experience to meet your requirements
Rich customization capabilities:
• Override default text
• Upload new languages
• Custom support text and EULA settings
• Use custom logo
• Set background Image
• Use custom stylesheet
• Set favorite/default App/Webclip icon
• Set default access to Managed or
Unmanaged device
• Configure authentication mechanism -
Cloud/Enterprise, SAML
• Allow app store “Preview” for managed
devices not under MDM
Mobile Device ManagementControls for Managing Users, Devices and Data
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 37Internal
Device ManagementSecure, Configure, and Monitor
Secure
• Enforce PIN/passcode
requirements
• Detect jailbreak & root
compromises
• Locate, lock, wipe, and
password reset for lost devices
• Install and manage digital
certificates
• Enforce device data protection
• Require encrypted backups
• Restrict copy and paste
between apps
Configure
• Group policies
• Corporate email access
• Device ID
• WiFi settings
• VPN and per-app VPN
• Enterprise SSO
• Device restrictions and usage
control
• Apple AirPlay
• Android for Work enterprise
containers
• Cellular roaming controls
• Browser proxies
• Device APN
Monitor
• Corporate or end user driven
enrollment
• Detailed asset tracking
• Device location and activity
• Enforce policy compliance
• Event logs
• Pre-built and custom reports
• HCP–based administrative
console
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 38Internal
Device ManagementManage Android
Standard Android
• Manufacturer-independent settings to control passcodes,
configure Wi-Fi, block Bluetooth, block camera, force encryption
and more on devices running Android 4.0 and above
Android for Work
• Google’s secure enterprise solution for app and device
management
• Provides managed Chrome, managed email/calendar/contacts
• Offered on 70 enterprise-class devices from 13 OEMs including
HP, HTC, LG, Samsung, Sony, Motorola, Fujitsu, Blackberry,
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 39Internal
Device ManagementManage Android
LG Gate
Control roaming, USB, email & Microsoft Exchange accounts,
browser, apps and remote data wipe options
Samsung KNOX Standard
Manage browser, APN, applications, OTA updates, device resets,
roaming, SD card, Wi-Fi, email and Exchange, USB, microphone,
camera, clipboard, NFC, GPS, firewall, app whitelist/blacklist,
access to Play, YouTube, voice dialer and more
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 40Internal
Device ManagementManage iOS
Manage and secure iPhones and iPads in the enterprise
• Volume Purchase Program
• Apple Device Enrollment Program (DEP)
• Supervised device settings
• SSO for enterprise apps
• App configuration
• Certificate management
• Per app VPN
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 41Internal
Device ManagementManage Windows Phone
Device policies to manage Windows Phones
• App Restrictions – maintain app whitelist/blacklists - by app and by app publisher
• Device Restrictions – Wi-Fi, NFC, Bluetooth, roaming, storage card, location,
telemetry, disable reset by user, disable copy/paste, disable user un-enrollment,
block Windows Store,
• Certificates – deploy, track and revoke device and user certificates
• Exchange Active Sync – manage email account settings
• Passcode – set passcode quality and remediation options
• VPN – configure VPN access
• Wi-Fi – configure access to corporate Wi-Fi
• Assigned Access – enable kiosk / specialized use scenarios
• Distribute enterprise and Windows Store apps
Mobile IdentityUser Management
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 43Internal
Mobile Identity and Access
User authentication secures
access
• SAML 2.0 compliant services
(Azure AD, OKTA, PING,
Centrify, etc.)
• SAP Cloud Identity Service
Access control regulates mobile
device access
• Email – Microsoft Exchange and
Microsoft Office 365
• Network Access Control – Aruba,
Checkpoint, Cisco, Forescout
User identity forms policies
• User directories - Microsoft Active
Directory and LDAP – user
context data for groups and
variables
• Certificates - full management
through certificate lifecycle for
Microsoft and Entrust certificate
authorities
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 44Public
SAP HANA Cloud Platform Identity AuthenticationIn the SAP security portfolio
SAPBusiness
Suite
SAP HANA Cloud Platform
SAP NetWeaver Application Server
SAP Access Control
SAP Identity Management
Make it simple for users to do what they are allowed to do
Know your users and what they can do
SAP Single Sign-On
Ensure corporate compliance to
regulatory requirements
Platform Security
Make sure that SAP solutions run securely
SAP Enterprise Threat Detection
Counter possible threats and identify attacks
Add-On for Code Vulnerability
Analysis
Find and correctvulnerabilities in customer
code
SAP HANA Cloud Platform Identity
Authentication
SAP HANA Cloud Platform Identity
Provisioning
SAP Cloud Identity Access
Governance, access analysis
service
Manage access,
users and
compliance in the
cloud
SAP HANA
3rd Party Systems
SAP S/4HANA
SAP Cloud Applications
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 45Public
Access protection
Identity federation based on SAML 2.0
Web single sign-on and desktop SSO
Secure on-premise integration with existing authentication system
Social and strong authentication
Risk-based authentication
Manage users and access to applications
User administration and integration with on-premise user stores
User groups and application access management
User self-services
Password and privacy policies
Enterprise features for integration
Branding of end user UIs
Programmatic integration via SCIM standard
Product overviewIntroduction
SAP HANA Cloud Platform Identity Authentication provides secure access to web
applications. It is a software as a service (SaaS) offering by SAP
Identity Authentication
Service
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 46Public
Integrating SAP – and 3rd party applicationsIntroduction
HR & Collaboration
Cloud
SAP HANA Cloud Platform
SF Employee
Central
On-premise
Identity Authentication
Service
Jam
ERP, CRM
S4HANA
C4CCloud for Customer
Planning & Analytics
IBP
Cloud Analytics
Identity Management
IDM IdP
HCM
HR
Social Platforms
Facebook, Google,
3rd party
Travel, …
Microsoft:
Office365, Azure
Delegate
authentication
Authentication, Provisioning
Authentication, SSO
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 47Public
Access protection on user level and on application level
Configurable access levelsIdentity access management
User status
new, active,
inactive, locked
Public access
Self registration is allowed
Social authentication [optional]
Internal access
Only users already registered
are entitled to access
Private access
Only users registered for the
application can access
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 48Public
Risk-based authenticationIdentity access management
Logon
******
Network IP Ranges
User Group Membership
Logon
******
Deny
Allow
and/or
Two-factor-authentication
Define authentication rules to control application access
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 49Public
Identity authentication service as a proxy to a corporate IdPDelegated authentication
Corporate
Identity Provider
Identity provider proxy
Authentication is delegated to
corporate identity provider login
Reuse of existing single sign-on
infrastructure
Easy and secure authentication for
business-to-employee (B2E) scenarios
Federation based on the SAML 2.0
standard
Logon
******
Corporate Network
IdP proxy via the SAML standard – easy to establish
SAML
3rd party Cloud
SAML
Applications
Identity Authentication
Service
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 50Public
On-premise user store
Users credentials from:
Active Directory
3rd party user store
No user replication to the cloud required
Internal network ports do not need to be
exposed to the Internet
In addition usual product features can
be used: UI configuration, policies, two-
factor-authentication
Authentication with on-premise user storeDelegated authentication
SAP
NW JAVA
+ SAP SSOLDAP
AS ABAP
Corporate Network
SAP NetWeaver
Logon
******
Integrate with an on-premise user store via a secure tunnel
Applications
Cloud Connector
Identity Authentication
Service
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 51Public
SPNEGO* authentication
Users authenticated with corporate
LDAP enjoy single sign-on to cloud
applications without re-authentication
Reuse of existing corporate identity
infrastructure
Secure authentication and SSO for
cloud and on-premise web applications
Increase user productivity in B2E
scenarios
SPNEGO authenticationDelegated authentication
AS AAP
Corporate LDAP
credentials
Kerberos
token
* Simple and Protected GSSAPI Negotiation MechanismCorporate Network
LDAP
SPNEGO
SAML
Applications
SPNEGO: integrate with MS Windows domain authentication
Identity Authentication
Service
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 52Public
Social IdP integrationDelegated authentication
Social media authentication
Suitable for B2C, B2B scenarios
Configurable per application
Linking and unlinking of social
accounts
Logon credentials
Social media username & password
Social Media
IdPs
Logon
******
OAuth
3rd party Cloud
SAML
Applications
Enable social login with popular identity providers in the Internet
Identity Authentication
Service
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 53Public
IdP initiated SSODelegated authentication
SAP HANA Cloud Platform Identity Authentication as a proxy to multiple SAML identity providers
Authentication is initiated by the SAML identity provider
Upon successful authentication, a check for correct user group assignment can be configured (optional)
SAML IdP 1„User Group 1“
can access via
SAML IdP 1
„User Group 2“
can access via
SAML IdP 2
Application
Logon
******
Logon
******SAML IdP 2
Secure your business network and allow partner users to login via their corporate IdP
Identity Authentication
Service
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 54Public
Administration servicesUser management & user self-services
User Management
Branding & Policies
Application Configuration
Reporting
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 55Public
User managementUser management & user self-services
User administration
Web based user management
User search
Mass user import/export
Monitor user access
User groups administration
Define user groups
Assign users to groups
Integration
Programmatic integration via
SCIM REST APIs
Web-based and programmatic user management capabilities
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 56Public
Branding and customizationUser management & user self-services
Customization features
Company Logo
Application name and logo
Color style
Terms of use & privacy policy
Adjust UI texts via API
Mail templates (account confirmation,
forgot pwd., et al.)
Product features
Responsive UIs
Multilanguage support
User interface, email templates and registration policies can be adjusted to corporate needs
Mobile Content ManagementEnterprise File Sync & Share
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 58Internal
Mobile Content Management with SAP Document CenterSimple access to enterprise content
• Enterprise File Sync and Share (EFSS) solution
• Simple access to content on any device (online &
offline) with native clients for all major platforms
• Files automatically downloaded to mobile devices
• Content can be pushed to devices based on roles
• Documents available even when offline
• Synchronize single documents or complete folder
• Personalized access to on-premise content in
Microsoft SharePoint, SAP S/4 HANA and SAP
Business Suite Applications
• Easy integration with wide range of SAP solutions
3rd Party Integration Framework
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 60Internal
SAP HANA Cloud PlatformExtend Mobile Apps via 3rd Party Integration Framework
Requires: SAP HCP mobile service for
app and device management
OR
SAP HCP mobile service
for SAP Fiori
Enhance all mobile apps post-development
3rd Party cloud services are
integrated into the workflows
with SAP HANA Cloud
Platform mobile services
Enterprise mobile apps developed with
HCP mobile service for dev & ops
App Testing
App Wrapping
Threat
Detection
Defend against cyber
attacks, report/enforce risk-
based policy management
EMM/MAMCreate custom Fiori mobile
apps. Deploy them via EMM
solutions
VPNCreate custom SAP Fiori
apps and automate
connection to VPN
Cordova Plugin
Requires: SAP HCP mobile
service
for SAP Fiori
Add advanced capabilities to Fiori mobile apps
Publicly available Cordova
plugins and 3rd party
commercial app plugins are
dynamically built into SAP
Fiori mobile apps
SAP Fiori mobile apps built with
HCP mobile service for SAP Fiori
Leverage publically available
Codova plugins
Thank youContact information:
F name L name
Title
Address
Phone number
F name L name
Title
Address
Phone number