In late 2022, SAP Business One Feature Pack (FP) 2208 introduced Identity and Authentication Management (IAM) services to SAP Business One users for the first time. IAM allows individuals and IT teams to take advantage of a convenient single sign-on (SSO) process leveraging a built-in or external identity provider (IDP). The initial IAM roll-out for SAP Business One also enhanced login security by deploying the IDP’s multi-factor authentication feature.

Identity and Authentication Management enhancements blend security and usability.”

With this initial IAM offering well-received and widely adopted by SAP Business One customers, it only made sense to build upon the momentum by refining and adding more IAM features. SAP has taken this next step with Feature Pack 2305.

Why Identity and Authentication Management (IAM) is Important

Why is IAM so important for SAP Business One? Identity and Authentication Management systems allow organizations to verify user identity and access levels at all times while ensuring only the right people have access to data and applications. These controls are applied to employees, contractors, and customers to tighten security and improve visibility for IT teams.

Applying this level of security and control to SAP Business One was a crucial step in the right direction. With over 60% of all data breaches related to user credentials, ERP system access must be protected aggressively and proactively. Since Business One IAM improves the user experience, there was no reason to delay.

Feature Pack 2305 IAM Enhancements

With the release of Feature Pack 2305, the workspace was streamlined to improve usability, while IAM enhancements took the sign-in process to the next level. Exciting highlights of this latest IAM upgrade included:

1)     Sign-in process improvements

2)     User binding

3)     Additional component support

process improvements

The SAP Business One sign-in process has been simplified and fortified at the same time. 2-factor authentication (2FA) is now a standard, selectable option. The second authentication factor makes data breaches much less likely since an unauthorized party must have access to login credentials, as well as the one-time code.

In addition, a “change password” option is now accessible from the login page, and the last company selected for login is automatically recalled. A “single logout” feature has also been added as a counterpart to single sign-on. Single logout allows users to sign out of all open Business One pages automatically when they exit their browser.

User Binding

What is user binding? In an IAM system, user binding refers to the process of associating users with specific platforms, rights, and permissions. The binding process determines which actions a given user can perform and which resources they can access within the ERP environment.

New Business One IAM enhancements allow administrators to bind users directly from the SAP Business One Client. Each IDP user can be bound to multiple companies. When new user profiles are created, the available identity providers (IDPs) and IDP users are conveniently selected from a drop-down menu.  

Newly Supported Components

Identity and Authentication Management practices are based on a philosophy that regards all systems as secure systems. FP 2305 delivers on this basic premise by expanding the list of Business One components supported by IAM. These newly supported components include:

  • SAP Business One Crystal Reports
  • SAP Business One Studio Suite
  • Electronic Documentation Services
  • Electronic File Managers
  • Browsers

Support for these components expands the reach of IAM in SAP Business One while protecting many core services that contain sensitive company and user information.

The Future of IAM for Business One

Convenient SSO is enhancing Business One usability by reducing password fatigue and shrinking the potential attack surface. With the addition of a single sign-off, these benefits are now realized at both the entry and exit authentication gates. Future releases will undoubtedly see more efficient user binding and additional component support. SAP Business One Cloud IAM support is also being planned. 

Inevitably, IAM trends, including Continuous Access Evaluation Protocols (CAEP) and biometric authentication practices, will shape the long-term future of IAM for Business One.

Follow the SAP Business One Community page for more tips and information on SAP Business One!