Upload
hansel
View
32
Download
3
Tags:
Embed Size (px)
DESCRIPTION
bioLock Demo - Introduction. bioLock Technical Demo at SAP Public Sector for Sapphire. - PowerPoint PPT Presentation
Citation preview
bioLock Demo -
Introducti
on
bioLock Technical Demo at SAP Public Sector for Sapphire
bioLock controls the access to one or multiple SAP systems via single-sign-on protected with biometrics. We eliminate outdated passwords, and enhance security and convenience while reducing unnecessary password administration cost and saving the user valuable time. For the first time, the user of a transaction will be uniquely identified and the activities can be logged in the SAP log file. There are no more excuses: “It was not me!”
bioLock will guarantee more accurate Audits and could help to comply with critical regulatory mandates such as: Sarbanes-Oxley US Patriot Act HIPAA
bioLock is SAP certified
As mentioned - bioLock is SAP-certified and runs on SAP 4.0 and higher…
bioLock is SAP Certified and NetWeaver Certified
Overview for this
presentation
This is what we will be learning about bioLock :
· Creating a bioLock template
· Assigning the bioLock template to your SAP R/3 user ID
· Logon to multiple SAP systems via single sign on secured by biometrics
· Defining which R/3 transactions should be authenticated for your user
Create a templat
e
First, you will create your own bioLock template. Enter your bioLock userid (this could be identical to your SAP R/3 userid or different) and click on Create Template.
Select a Finger
The following popup will be displayed:
You now have to select which finger you want to use for fingerprint authentication. The default is the index finger of the right hand. Let’s assume you accept the default. Click on Start at the bottom.
S T A R T
Put your
finger on the
hardware
Now put your finger on the hardware device
Siemens ID Mouse
Cherry Keyboard
Other biometric hardware on request…
Record the
fingerprints
Your first fingerprint has been recorded.
Repeat two more times (you need to have 3 fingerprints
recorded), and then confirm the popup.
Template was
created
Click on settings to continue…
You have successfully created a bioLock template. The next step will be to assign the biolock template to your R/3 userid.
Assign biometric user to SAP user
The bioLock R/3 configuration menu is displayed.
Click on Assignment biometric User to SAP User.
Assignment biometric User to SAP-User
New Entries
In the table, click on New Entries.
Assign your
R/3 user
Then assign your R/3 User (User column) to the bioLock User (BIS User).
Save your settings.
Record your
customizing request
You will be asked to record your
settings in a customizing request.
Click on Create Request, enter a Short description for the request and Save.
DE4K900069
Save your customizing
request
Confirm your customizing request and your data will be saved.
Exit out, back to the bioLock configuration menu.
Define
user-depending
verification-check
s
Here, you define for which R/3 transactions your userid should be authenticated. Please note that the ‘function’ column in the table represents the R/3 transaction. Function ’10’ has been customized for fingerprint authentication and represents R/3 transaction MB01, which in turn is the R/3 transaction used for fingerprint authentication in the Homeland Security scenarios. We will configure a different transaction later in the demo!
Select menu option Define user-dependent verification checks.
Define user-depending verification-checks
Enable the function
Click on New Entries and assign your new bioLock user (template) to the function (R/3 transaction). Enable the check.
Save your settings. If prompted, save them to the same transport request you created earlier.
Go back to the bioLock configuration menu.
You have created a bioLock template
Congratulations, you have now successfully created a bioLock template and enabled your userid for fingerprint authentication for transaction MB01/function 10. The logon for your user ID is now protected with biometrics!
See now, how we can logon to multiple SAP systems via
single sign on – secured by biometrics…
The bioLogon selection menu
The bioLogon starts manually or automatically…
You can register all your SAP systems and optional any other of your IT systems for single sign on.
Select the system you
want to access
Double click the system you want to access…
double click or “Logon”
… or select the system and click on “Logon”
Put the finger on the sensor
You will be asked to put the finger on the sensor…
The registered finger is
recognized
Your registered finger will be recognized within a part of a second…
The selected
SAP system will be launche
d
…and the selected SAP system will be launched
The next part of the demo describes how you can enable additional R/3 transactions for fingerprint authentication.
Definition of protected system
functions
This section of the demo will describe, how you can identify an SAP R/3 transaction for bioLock authentication. In this example we will protect the purchase order transaction ME21N.
From the bioLock configuration menu, select Definition of protected system functions.
Definition of protected systemfunctions
Activate the SAP Sys Log file
Click on New Entries.
Choose a function key number that has not been used before.
Activate the Syslog Entry at error and Syslog-Entry option to receive entries in the SAP log file about successfully executed or denied transactions. Unauthorized access will be logged.
Please Note - that the person who executed or tried to execute a transaction or access a balance sheet will be uniquely identified via biometrics and logged in the SAP log file. This biometric identity management is critical to proof, who did what within the system and could become extremely valuable to comply with HIPAA, Sarbanes-Oxley and other Auditing Rules or Regulations.
For the first time the management can proof, who did what and when - and there are no more excuses !!!
Protect critical purchasing functions
Secure financial, HR and health care data
Know which suppliers access your system
Control access to critical company information
Prevent unauthorized access, changes and print of data
Uniquely identify the user - and know what happened when
What can I do with bioLock
Confirm the popup prompt for customizing request to save data…
Click the green arrow twice to get back to the bioLock configuration menu.
Assigning PO
transaction to bioLock
Next, you will have to assign the SAP R/3 purchase order transaction to the bioLock function. In order to isolate fingerprint authentication from standard SAP transactions, we will actually create a copy of the standard purchase order transaction code ME21N. Go to transaction /nSE93.
Enter your new transaction code (suggestion: Z plus the SAP transaction code) and click on Create.
Specify a short text
Specify a short text for your new transaction code and select option Transaction with parameters (parameter transaction). Confirm the popup.
Specify transaction
values
For the new transaction you have to specify the following:
- Transaction Values: /realtime/bis_exit- Skip initial screen: yes
Please press Enter to refresh.
Open the select field
At the bottom of the screen (Default Values section), click on
next to “Name of the screen field”. You will get the following selections:
Configure P_TCODE /
P_FUNK
You need to configure both P_TCODE and P_FUNK as follows:
Save!
ME21N99
Save your changes to a package
If you are asked to save your changes to a package, enter package Z001 and Save.
Create a request
Next, you might be prompted to save to a transport request. You will need to create a new transport request. Click on Create request.
Enter a short description for your request and Save. Confirm your new request number until you get the system message that ‘Transaction code ZME21N was saved’.
Assign transaction code to User
As a last step, you have to assign the new transaction code to your user for fingerprint authentication. In the transaction code window enter /n
/n
Hit Enter and you will be taken back to the main menu
Type in the transaction
code window
Next, click on
Type in the transaction code window: /realtime/biolock
and select define user-dependent verification checks
Define user-depending verification-checks
Final user settings
Save your entries and confirm your changes to one of your existing transport requests.
Click on New Entries…
…and make the following settings:
Enter your system function 99
Enter your R/3 user ID
Smith
Enable the check
Authenticate your self with your
finger
Once you get confirmation message that ‘Data was saved’, try to access your new transaction code : ZME21N.
Authenticate yourself with the finger that you have enrolled
Go to the audit trail
Once you are authenticated, you will receive the following message:
To complete this identity management solution every time you are trying to authenticate yourself, the system is updating the audit trail. Go to transaction /nsm21.
Confirm the popup and click on Reread system log
For the first time the user gets uniquely identified – no matter, what profile he is using. This way bioLock tracks for example which individual is logged in as SAP ALL and which uniquely identified person was responsible for the critical changes…
In the log, you will find an entry like this:
Or it could say User SMITH was identified as MILLER
- the execution of function 99 was denied!
Sarbanes-Oxley – HIPAA – Audits – etc.
View the log
file
Technic
al facts about
bioLock
The bioLock software is installed and configured in hours. Protection of transactions / registration of bioLock users takes minutesActual use is intuitive and requires no trainingThe software is installed in it’s own ‘/realtime’ directory It does not change your SAP configurationbioLock runs on SAP 4.0x and higher
Innovative – inexpensive – convenient
For watching our technical demonstration!
Order Pilot
Installation for $499
WORLD TRADE CENTER 1101 Channelside Drive Tampa Florida 33602Phone: 813-283-0070 Fax: 813-283-0071 Email: [email protected] Web: www.bioLock.us
Download this bioLock Demonstration as a powerpoint presentation to browse it at your own speed and don’t miss viewing our educational bioLock presentation to learn how dangerous passwords could be for your company...
realtime North America Inc.
The End…
www.bioLock.us