Authentication in SAP Business One is the process of uniquely verifying a user's identity before they are granted access to system functions, documents or confidential data.
Authentication forms the mandatory foundation of secure user and rights management in SAP Business One, as it requires an identity check before any access is granted. The superuser controls the authentication policy centrally via password management (Administration > Definition > General > Security) and defines the criteria a user password must fulfil. They can specify minimum numbers of digits, lower-case letters and non-alphanumeric characters and allow passwords of up to 128 characters. In addition, a password history ensures that a new password must not match recently used passwords, which further increases data security. The security level settings also define how many failed login attempts are permitted before a user account is automatically blocked; only a superuser may unblock such an account.

After successful authentication, the assigned authorisations determine the specific scope of the user's tasks, i.e. whether the user may display, create or update documents or master data. A new user therefore starts without authorisations until these are explicitly assigned. The superuser can also configure the web client to start read-only, which allows access to detail and list views but prevents data from being created or changed.

For integration scenarios and mobile solutions, the system uses the special B1i user for the authentication check; the Integration Framework verifies whether the user name, password, mobile phone number, device ID and licence situation match. Finally, the authentication service in the System Landscape Directory (SLD) has been specifically hardened, and the configuration of Single Sign-On (SSO) has been improved to support both security and simplified access to the system.
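To make the interplay of the password criteria, the password history and the failed-login lockout described above concrete, here is an added example that is not code from this page or from SAP: a small Python model of such a policy. The threshold values, the PBKDF2 storage of history entries and all function names are assumptions of the example, not SAP Business One's implementation.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
@dataclass
class PasswordPolicy:
    # Threshold values are constructed for this example, not SAP B1 defaults.
    max_length: int = 128        # longest password the page says is allowed
    min_digits: int = 1
    min_lowercase: int = 1
    min_special: int = 1         # non-alphanumeric characters
    history_size: int = 5        # new password must differ from the last N
    max_failed_logins: int = 3   # account is blocked after this many failures

@dataclass
class UserAccount:
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: list = field(default_factory=list)  # PBKDF2 digests, newest = current
    failed_logins: int = 0
    blocked: bool = False

def _digest(account, pw):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), account.salt, 50_000)  # salted, iterated

def set_password(policy, account, new_pw):
    # Returns the violated rules; an empty list means the password was accepted.
    d = _digest(account, new_pw)
    rules = {
        "length": len(new_pw) <= policy.max_length,
        "digits": sum(c.isdigit() for c in new_pw) >= policy.min_digits,
        "lowercase": sum(c.islower() for c in new_pw) >= policy.min_lowercase,
        "special": sum(not c.isalnum() for c in new_pw) >= policy.min_special,
        "history": not any(hmac.compare_digest(d, h) for h in account.history[-policy.history_size:]),
    }
    violated = [name for name, ok in rules.items() if not ok]
    if not violated:
        account.history.append(d)
    return violated

def login(policy, account, pw):
    # Verify the current password; count failures and block the account at the limit.
    if account.blocked or not account.history:
        return False
    if hmac.compare_digest(_digest(account, pw), account.history[-1]):
        account.failed_logins = 0
        return True
    account.failed_logins += 1
    account.blocked = account.failed_logins >= policy.max_failed_logins
    return False

def superuser_unblock(account):   # only a superuser may clear the block
    account.blocked, account.failed_logins = False, 0
```

Note that a blocked account stays blocked even when the correct password is presented; only the explicit unblock resets it, which is what makes the lockout counter useful against password guessing.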
Authentication only verifies the identity of the user, whereas the authorisations subsequently determine which actions the user is actually permitted to perform in the system (e.g. displaying, creating or updating documents and master data). Password management and security level settings, on the other hand, define the rules and limits under which authentication takes place, such as password complexity, password history and permitted failed attempts, but are not themselves the act of authentication. Single Sign-On (SSO) and the hardened authentication service in the SLD in turn serve the technical implementation and simplification of access, but functionally build on the basic principle of authentication as an identity check.