The SAP Trust Center is located centrally in a highly-secure data center at SAP Headquarters in Walldorf, Germany. The SAP ONE Support Launchpad includes a Registration Authority, which can check the user's identity using the Launchpad user data.
This single sign-on technology is essentially based on a public key infrastructure: Users generate a key pair consisting of a public and a private key using functions native to their Internet browser. The public part of the key is transferred to the SAP Trust Center. Once the public key has been verified, the SAP Trust Center returns a signed certificate to the requester. This certificate is imported directly into the browser.
The SAP Passport is your digital ID on the Internet and identifies you as a member of the SAP Trust Community. The SAP Passport is saved on the computer you requested the passport with. It enables single sign-on for a multitude of SAP websites.
We recommend to use SAP Passports only if the operating system on your local computer supports a strict separation of user data.
The security of your system depends heavily on the procedures you adopt when working with it. Always avoid having other persons acting in your name.
Therefore, please take careful note of the following security rules and be sure to apply them. They help you protect your SAP Passport from unauthorized access by others:
The SAP Passport is a X.509 Client-certificate.
A certificate is an alternative means of authentication to User-ID and password.
The new SAP ONE Support Launchpad and updated applications require you to use one of the following browser versions:
Note: You only need the ActiveX settings for Internet Explorer.
In the menu bar of the Internet Explorer choose the following path: Tools > Internet Options > Security tab > Custom Level...
Set the following entries to Enable or Prompt:
There are two options to install the SAP Passport:
Automatically via browser (only available in Internet Explorer):
Manually via download:
Note: After installing a new SAP Passport certificate, we strongly recommend you to delete the old SAP Passport everywhere it is used.
The automatically installation of the SAP Passport via browser is done using ActiveXObject, which is an API limited to Internet Explorer. In summary, the following procedure takes place in the background when you install your SAP Passport via browser on the Install the SAP Passport button:
Where you find your SAP Passport depends on the browser you use:
Find the SAP Passport in Internet Explorer
Find the SAP Passport in Chrome
Find the SAP Passport in Firefox:
Find the SAP Passport in Mac (Safari):
If you have installed a new SAP Passport, there are now two SAP Passports in your browser. This means that the next time you log in to the SAP ONE Support Launchpad (or any SAP website that supports SAP Passports), your browser will ask you which of the two you wish to use.
To exclusively use the new SAP Passport, SAP recommends that you delete your old SAP Passport. Since the new SAP Passport is valid already, there is no reason to retain the old one.
Where you remove your old SAP Passport depends on the browser you use.
The value Days to expire displayed on the SAP Passport tile in the Launchpad means the number of remaining days until your SAP Passport expires based on the last SAP Passport installed or downloaded for your user.
Therefore, after installing a new SAP Passport certificate, we strongly recommend you delete the old SAP Passport everywhere it is used. Otherwise, this value might be imprecise depending on the SAP Passport being used.
Until your SAP Passport is created using the new SAP Passport application, the No Certificate Found message will be displayed on the SAP Passport tile on the Launchpad homepage.
Once you have created the SAP Passport using the new SAP Passport application, the number of days remaining to the certificate expiration is displayed.
You can still use browser certificates with multiple user IDs, but you have to request one for each user ID.
Once you have installed a browser certificate for your first user ID, your browser might log you on to the SAP ONE Support Launchpad automatically. To apply for a second certificate:
You will now be able to request further certificates by cancelling the browser certificate's selection prompt and logging in with your second S-user ID instead.