bioLock Technical Demo at SAP Public Sector for Sapphire

bioLock Demo Introduction

bioLock controls the access to one or multiple SAP systems via single sign-on protected with biometrics. We eliminate outdated passwords, and enhance security and convenience while reducing unnecessary password administration cost and saving the user valuable time.

For the first time, the user of a transaction will be uniquely identified and the activities can be logged in the SAP log file. There are no more excuses: “It was not me!”

bioLock will guarantee more accurate audits and could help to comply with critical regulatory mandates such as:

· Sarbanes-Oxley
· US Patriot Act
· HIPAA

bioLock is SAP certified

As mentioned, bioLock is SAP certified and runs on SAP 4.0 and higher. bioLock is SAP certified and NetWeaver certified.

Overview for this presentation

This is what we will be learning about bioLock:

· Creating a bioLock template
· Assigning the bioLock template to your SAP R/3 user ID
· Logon to multiple SAP systems via single sign-on secured by biometrics
· Defining which R/3 transactions should be authenticated for your user

Create a template

First, you will create your own bioLock template. Enter your bioLock userid (this could be identical to your SAP R/3 userid or different) and click on Create Template. The following popup will be displayed:

Select a finger

You now have to select which finger you want to use for fingerprint authentication. The default is the index finger of the right hand. Let’s assume you accept the default. Click on Start at the bottom.

Put your finger on the hardware

Now put your finger on the hardware device:

· Siemens ID Mouse
· Cherry Keyboard
· Other biometric hardware on request…

Record the fingerprints

Your first fingerprint has been recorded. Repeat two more times (you need to have 3 fingerprints recorded), and then confirm the popup. You have successfully created a bioLock template.
Template was created

The next step will be to assign the bioLock template to your R/3 userid. Click on Settings to continue… The bioLock R/3 configuration menu is displayed.

Assignment biometric User to SAP-User

Click on Assignment biometric User to SAP User. In the table, click on New Entries. Then assign your R/3 user (User column) to the bioLock user (BIS User).

Save your settings. You will be asked to record your settings in a customizing request (DE4K900069 in this demo).

Record your customizing request

Click on Create Request, enter a short description for the request and Save. Confirm your customizing request and your data will be saved.

Exit out, back to the bioLock configuration menu. Select menu option Define user-dependent verification checks.

Define user-depending verification-checks

Here, you define for which R/3 transactions your userid should be authenticated. Please note that the ‘function’ column in the table represents the R/3 transaction. Function ‘10’ has been customized for fingerprint authentication and represents R/3 transaction MB01, which in turn is the R/3 transaction used for fingerprint authentication in the Homeland Security scenarios. We will configure a different transaction later in the demo!

Click on New Entries and assign your new bioLock user (template) to the function (R/3 transaction). Enable the check.

Save your settings. If prompted, save them to the same transport request you created earlier. Go back to the bioLock configuration menu.

You have created a bioLock template

Congratulations, you have now successfully created a bioLock template and enabled your userid for fingerprint authentication for transaction MB01/function 10. The logon for your user ID is now protected with biometrics!
Now see how we can log on to multiple SAP systems via single sign-on, secured by biometrics… The bioLogon starts manually or automatically…

The bioLogon selection menu

You can register all your SAP systems, and optionally any other of your IT systems, for single sign-on. Double-click the system you want to access, or select the system and click on “Logon”.

Put the finger on the sensor

You will be asked to put the finger on the sensor. Your registered finger will be recognized within a fraction of a second, and the selected SAP system will be launched.

The next part of the demo describes how you can enable additional R/3 transactions for fingerprint authentication. This section of the demo will describe how you can identify an SAP R/3 transaction for bioLock authentication. In this example we will protect the purchase order transaction ME21N.

Definition of protected system functions

From the bioLock configuration menu, select Definition of protected system functions. Click on New Entries. Choose a function key number that has not been used before.

Please note that the person who executed or tried to execute a transaction or access a balance sheet will be uniquely identified via biometrics and logged in the SAP log file. This biometric identity management is critical to prove who did what within the system and could become extremely valuable to comply with HIPAA, Sarbanes-Oxley and other auditing rules or regulations.

Activate the SAP Sys Log file

For the first time the management can prove who did what and when, and there are no more excuses!

Activate the “Syslog Entry at error” and “Syslog-Entry” options to receive entries in the SAP log file about successfully executed or denied transactions. Unauthorized access will be logged.
What can I do with bioLock

· Protect critical purchasing functions
· Secure financial, HR and health care data
· Know which suppliers access your system
· Control access to critical company information
· Prevent unauthorized access, changes and print of data
· Uniquely identify the user - and know what happened when

Confirm the popup prompt for customizing request to save data… Click the green arrow twice to get back to the bioLock configuration menu.

Assigning PO transaction to bioLock

Next, you will have to assign the SAP R/3 purchase order transaction to the bioLock function. In order to isolate fingerprint authentication from standard SAP transactions, we will actually create a copy of the standard purchase order transaction code ME21N.

Go to transaction /nSE93. Enter your new transaction code (suggestion: Z plus the SAP transaction code) and click on Create.

Specify a short text

Specify a short text for your new transaction code and select option Transaction with parameters (parameter transaction). Confirm the popup.

Specify transaction values

For the new transaction you have to specify the following:

- Transaction Values: /realtime/bis_exit
- Skip initial screen: yes

Please press Enter to refresh. At the bottom of the screen (Default Values section), click on next to “Name of the screen field”. You will get the following selections:

Configure P_TCODE / P_FUNK

You need to configure both P_TCODE and P_FUNK as follows:

- P_TCODE: ME21N
- P_FUNK: 99

Save!

Save your changes to a package

If you are asked to save your changes to a package, enter package Z001 and Save.

Create a request

Next, you might be prompted to save to a transport request. You will need to create a new transport request. Click on Create request. Enter a short description for your request and Save. Confirm your new request number until you get the system message that ‘Transaction code ZME21N was saved’.

As a last step, you have to assign the new transaction code to your user for fingerprint authentication.
Assign transaction code to User

In the transaction code window enter /n. Hit Enter and you will be taken back to the main menu.

Type in the transaction code window: /realtime/biolock

Next, click on and select Define user-dependent verification checks.

Define user-depending verification-checks

Click on New Entries and make the following settings:

- Enter your system function: 99
- Enter your R/3 user ID: Smith
- Enable the check

Save your entries and confirm your changes to one of your existing transport requests. Once you get the confirmation message that ‘Data was saved’, try to access your new transaction code: ZME21N.

Authenticate yourself with your finger

Authenticate yourself with the finger that you have enrolled. Once you are authenticated, you will receive the following message:

Go to the audit trail

To complete this identity management solution, every time you try to authenticate yourself, the system updates the audit trail. Go to transaction /nsm21. Confirm the popup and click on Reread system log.

View the log file

In the log, you will find an entry like this:

Or it could say: User SMITH was identified as MILLER - the execution of function 99 was denied!

For the first time the user gets uniquely identified, no matter what profile he is using. This way bioLock tracks, for example, which individual is logged in as SAP ALL and which uniquely identified person was responsible for the critical changes… Sarbanes-Oxley – HIPAA – Audits – etc.

For watching our technical demonstration!

Technical facts about bioLock

· The bioLock software is installed and configured in hours.
· Protection of transactions / registration of bioLock users takes minutes
· Actual use is intuitive and requires no training
· The software is installed in its own ‘/realtime’ directory
· It does not change your SAP configuration
· bioLock runs on SAP 4.0x and higher
· Innovative – inexpensive – convenient

The End…

Order Pilot Installation for $499

Download this bioLock demonstration as a PowerPoint presentation to browse it at your own speed, and don’t miss viewing our educational bioLock presentation to learn how dangerous passwords could be for your company...

www.bioLock.us

realtime North America Inc.
WORLD TRADE CENTER
1101 Channelside Drive
Tampa Florida 33602
Phone: 813-283-0070
Fax: 813-283-0071
Email: info@biolock.us
Web: www.bioLock.us
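
An added example (not bioLock or SAP code) showing how the denied-access entry quoted in the audit-trail step could feed a detection: it parses log lines using the message wording from the demo, maps function numbers to the transactions configured in the demo, and reports people whose fingerprint was matched on more than one SAP account. The sample lines, their timestamp prefix, function 7 and the names other than SMITH and MILLER are constructed assumptions.

```python
import re
from collections import defaultdict

# Wording of the denied-access entry quoted in the demo.
DENIED = re.compile(
    r"User (?P<account>\S+) was identified as (?P<person>\S+)"
    r" - the execution of function (?P<function>\d+) was denied"
)
# Function numbers configured in the demo and the transactions they protect.
FUNCTION_TO_TCODE = {"10": "MB01", "99": "ME21N"}

# Constructed sample lines; the timestamp prefix is an assumption.
SAMPLE_LOG = [
    "09:12:03 User SMITH was identified as MILLER - the execution of function 99 was denied!",
    "09:12:40 Unrelated system message",
    "09:15:10 User SMITH was identified as MILLER - the execution of function 99 was denied!",
    "10:02:55 User JONES was identified as MILLER - the execution of function 10 was denied!",
    "10:30:00 User SMITH was identified as BROWN - the execution of function 7 was denied!",
]


def parse_denials(lines):
    """Return one dict per denied-access entry; other lines are skipped."""
    events = []
    for line in lines:
        m = DENIED.search(line)
        if m:
            event = m.groupdict()
            event["tcode"] = FUNCTION_TO_TCODE.get(event["function"], "unknown")
            events.append(event)
    return events


def accounts_tried_by(events):
    """Map each identified person to the SAP accounts they were denied on."""
    tried = defaultdict(set)
    for e in events:
        tried[e["person"]].add(e["account"])
    return {person: sorted(accounts) for person, accounts in tried.items()}


def multi_account_people(events, threshold=2):
    """People denied on `threshold` or more different SAP accounts."""
    return sorted(p for p, a in accounts_tried_by(events).items() if len(a) >= threshold)


if __name__ == "__main__":
    events = parse_denials(SAMPLE_LOG)
    print(accounts_tried_by(events), multi_account_people(events))
```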