We are a consulting company specialising in SAP services, IT outsourcing and software development. We support our clients' businesses. That is the reason for our motto to be: IT makes business better

We are part of SNP Group, world leader in transformation of SAP environments

Since 1995 we have successfully accomplished hundreds of IT project in many countries worldwide.

"Better Business" is an SNP magazine for customers. Read hundreds of articles, useful in preparation and realization of IT projects.

Dlaczego uważamy, że SNP jest dobrym pracodawcą? Bo łączymy cechy rzadko spotykane w jednej organizacji - duże możliwości rozwoju, a zarazem dobrą atmosferę i elastyczność środowiska pracy. Dowiedz się więcej, na czym to polega w praktyce!

Wolters Kluwer Polska: Single Sign On

Once and Securely

Share
For many WKP employees, the complex SAP system landscape means the need to use several different solutions such as CRM, ERP, and SAP every day. Until recently, each system required a separate password to log on, and human memory is not without its faults. Therefore, Wolters Kluwer decided to implement the Single Sign On mechanism. This means only one password is required to have access to all SAP systems you need.

Wolters Kluwer Polska implemented the SAP ERP system as early as 2002. Another major implementation project in 2004 included the launch of the SAP BW data warehouse. Then, SAP CRM (in 2008) and SAP NetWeaver Portal were implemented. Virtually all operations of the company are supported by SAP systems. The benefits of business process integration in coherent tools are invaluable. Also, the technical value of a coherent system landscape that is administered and hosted by one service provider – BCC – is high.

Hundreds of forgotten SAP passwords

Wolters Kuwer Polska has an extensive SAP system landscape: two SAP Portal systems (production, and testing & development), two SAP BW systems, three SAP ERP systems (production, testing, and development), and three SAP CRM systems. In addition, each development system has several clients.

In total, all SAP tools in the company are used by several hundred users. SAP CRM has the largest number of users (370), then SAP ERP (180) and SAP BW (130). Often, these are the same people. Although the company uses multiple systems from one vendor, users who use more than one SAP solution have to log on to each of them with a separate password.

While administering the IT infrastructure, Wolters Kluwer implements the best management practices based on global best practices. One of them is the restrictive policy for changing passwords and a high degree of their complexity. To log on to the system, the user had to enter a password containing at least a certain number of characters, including uppercase and lowercase letters and special characters. Of course, it also has to be changed periodically. So a key-user employee who uses SAP ERP, SAP CRM and SAP BW, and – in addition to the production system – has access to the test system, they could find themselves needing to remember up to 10 challenging passwords.

Administrators who manage user accounts for each individual system had to spend a lot of time to ensure their integrity and compliance with security policies. For a large number of users, they make changes in the authorization system every day, or even several times a day. The reasons for this are changes to planned, periodic authorization, personnel changes, and even more typical reasons, such as forgotten passwords.

What is good for the security of data is often a nuisance for many users, including administrators.

Wolters Kluwer Polska uses the SAP administration service in the BCC Outsourcing Center, which means that the service provider has taken the responsibility for correct and efficient system operation.However, BCC consultants contact the WKP help desk team, rather than individual users. User notifications of forgotten passwords or blocked access to the system are sent (through the service application used by WKP) to the WKP help desk team. There, administrators decide whether an issue could be resolved internally or is the responsibility of BCC and needs to be escalated. After resolving the issue, external consultants inform WKP administrators, who in turn need to contact the unlucky user.

With such a large number of systems and users, forgotten password and locked account issues occur frequently. Administrators spend a lot of time solving these problems and it distracts them from other more important tasks. The result is the rising cost of system support and administration.

Grzegorz Fudala, Project Manager BackOffice, Wolters Kluwer Polska

80% fewer forgotten passwords

The security policy of WKP clearly defines our requirements for the frequency of changing passwords and password types.It is consistent with the policy used in SAP systems that are managed by BCC. Passwords have the required number of characters and complexity – no proper names can be used, and special characters, uppercase/lowercase letters and digits must be used. In addition, a password history is taken into account (it is not possible to use a certain number of previous passwords).

In our company, we are trying to bind SSO to each system, if possible. Logging on to SAP from SAP GUI via SSO is bound to each system (ERP/BW/CRM). Additionally, with an appropriate configuration, we use the server load-balancing feature which is active when you log on.

Almost every computer in the company is prepared to use SSO.

Our internal help desk experienced an 80% decrease in the number of requests such as “I forgot my password”, “I cannot log on”.

Grzegorz Fudala, Project Manager BackOffice, Wolters Kluwer Polska

Many Systems – A single Sign-On

The Single Sign-On (SSO) mechanism available on the SAP NetWeaver platform enables the coordination and integration of various systems to which the user should have access using one password. SSO allows you to log on automatically not only to the SAP system, but also to third-party applications, databases, mail servers or file servers.

In order to streamline the work of end users and administrators, Wolters Kluwer Polska decided to implement Single Sign-On (SSO).

Before implementing this mechanism, it was necessary to determine the systems / clients in which SSO would be enabled, and the users who would use the single sign-on facility. Because WKP systems are hosted and administrated in the BCC Outsourcing Center, the determination of the system landscape did not cause any problems.

The actual implementation of SSO brought about the preparation of SAP systems, i.e. configuration of appropriate parameters in the profiles, and the preparation of SAP system accounts in the Active Directory domain.

Of course, any SSO user should have an account in ActiveDirectory, which can be mapped to relevant SAP accounts (and so the accounts do not need to have identical names in SAP and AD). In addition, from the perspective of the end user, it was necessary to install special libraries and modify SAP GUI profiles accordingly. For SAP NetWeaver Portal systems, it was necessary to configure web browsers.

The configuration of user mappings in SAP systems began when the above conditions were met. Because the Central User Administration (CUA) is enabled on the majority of clients and LSMW (Legacy System Migration Workbench) is used, this operation went relatively quickly and smoothly.

The Single Sign-On was first enabled on test and development systems. After testing, the solution was migrated to production systems.

In SAP systems, if end user passwords are changed due to the company policy, this is done on a user workstation. After the implementation, the SSO mechanism allowed us to disable traditional passwords and to logon via the SAP GUI.

Now, SSO is a foundation of a comfortable working environment in SAP systems.In the morning, having started the computer, the employee can log on to a workstation. With a user ID (login) and only one password, the user can automatically access all necessary applications without the need for separate re-authentication in each one.

SSO is a foundation of a comfortable working environment in SAP systems at Wolters Kluwer. With only one login and password, an employee can automatically access all necessary applications

It is Easier to Remember Only One Thing

The benefits of using SSO technology are quite clear:the user has only one password for all SAP systems they use. The logon process is easier and faster. It’s less of a burden to remember, which reduces the need to write passwords on post-it notes, or use other insecure services which could threaten the security of the system.

Also from the perspective of an administrator, the centralized and convenient management of password policies greatly improves the safety of transferring security certificates, and relieves the administrator who verifies access to systems. The user management in ActiveDirectory means that, currently, the vast majority of password problems can be resolved quickly by the internal WKP help desk without the need for escalation to BCC. The fewer elements involved in this process, the faster the user gets a solution.

Wolters Kluwer Polska (formerly Polskie Wydawnictwa Profesjonalne, PWP) is the biggest publishing house in Poland providing professional legal and business information. The company’s chief operation is the publishing of books and magazines, as well as the preparation and management of specialist internet services. The company belongs to the Dutch Wolters Kluwer Group. Its publications are currently published under three brands: ABC, LEX and Oficyna. The publishing house has a sales network operating throughout Poland. Regional Sales branches are located in all voivodeship cities. The publishing house also has an Internet bookstore.
More information: www.wolterskluwer.pl

See the case study in other language version

The same content is available in other language:

See the case study - Polish

Share

Our references

Whitepapers

News

Contact form





  1. Personal data is processed pursuant to Article 6 (1) (a) of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 – the General Data Protection Regulation
  2. The data controller is SNP Poland Sp. z o.o. with its registered office in Złotniki, ul. Krzemowa 1 62-002 Suchy Las. Contact data of the Data Protection Supervisor: dpo.pl@snpgroup.com.
  3. Consent to data processing is voluntary, but necessary for contact. Consent may be withdrawn at any time without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
  4. The data will be processed for the purposes stated above and until this consent is withdrawn, and access to the data will be granted only to selected persons who are duly authorised to process it.
  5. Any person providing personal data shall have the right of access to and rectification, erasure, restriction of processing, the right to object to the processing and to the transfer of data, the right to restriction of processing and the right to object to the processing, the right to data transfer.
  6. Every person whose data is processed has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
  7. Personal data may be made available to other entities from the group that SNP Poland Sp. z o.o. is part of – also located outside the European Economic Area, for marketing purposes. SNP Poland ensures that the data provided to these entities is properly secured, and the person whose data is processed has the right to obtain a copy of the data provided and information on the location of the data provision.

Please write an email or call

E-mail office.pl@snpgroup.com
Phone +48 61 827 7000

SNP Poland Sp. z o.o.

Headquarter:
Złotniki, ul. Krzemowa 1
62-002 Suchy Las near Poznań, Poland

How can we help?
Write us
Send email
Call us





  1. Personal data is processed pursuant to Article 6 (1) (a) of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 – the General Data Protection Regulation
  2. The data controller is SNP Poland Sp. z o.o. with its registered office in Złotniki, ul. Krzemowa 1 62-002 Suchy Las. Contact data of the Data Protection Supervisor: dpo.pl@snpgroup.com.
  3. Consent to data processing is voluntary, but necessary for contact. Consent may be withdrawn at any time without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
  4. The data will be processed for the purposes stated above and until this consent is withdrawn, and access to the data will be granted only to selected persons who are duly authorised to process it.
  5. Any person providing personal data shall have the right of access to and rectification, erasure, restriction of processing, the right to object to the processing and to the transfer of data, the right to restriction of processing and the right to object to the processing, the right to data transfer.
  6. Every person whose data is processed has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
  7. Personal data may be made available to other entities from the group that SNP Poland Sp. z o.o. is part of – also located outside the European Economic Area, for marketing purposes. SNP Poland ensures that the data provided to these entities is properly secured, and the person whose data is processed has the right to obtain a copy of the data provided and information on the location of the data provision.

General contact for the company
office.pl@snpgroup.com

Question about products and services
info.pl@snpgroup.com

Question about work and internships
kariera@snpgroup.com

+48 61 827 70 00

The office is open
Monday to Friday
from 8am to 5pm

0.515 seconds.