Set Up SAP Hana Authentication

Each SAP Hana record identifies account login credentials, database information and target hosts (IPs).

This record type is only available in accounts with PC or SCA, and is only supported for compliance scans.

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: 

Authentication Technologies Matrix

How do I get started?

Go to Scans > Authentication, and then go to New > Databases > SAP HANA.

What login credentials are required?

On the Login Credentials tab, choose Basic or Vault based authentication type. For Basic authentication, you'll provide the username and password to be used for authentication to the SAP Hana server. For Vault based authentication, you'll provide the username for authentication, and then pick the vault type and vault record for password retrieval. At scan time, we'll authenticate to hosts with the username in your record and the password we find in your vault.

Need to create a vault record? Just go to Scans > Authentication > Vaults and tell us about your vault system.

What database information is required?

On the Target Configuration tab, tell us the database name to authenticate to and the port the database is running on.

Tell me about SSL verification

By default, the scanner will verify the SSL certificate used by the SAP HANA device to make sure the certificate is valid and trusted. You may want to clear this option to skip SSL verification if the device is not configured with a certificate, the certificate was not issued by a well-known certificate authority (CA) or the certificate is self-signed.

What do I enter in the Hosts field?

Enter a list of FQDNs for the hosts that correspond to all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. Multiple hosts are comma separated.

Unix Configuration

On the Unix Configuration tab, enter the full path to the SAP Hana configuration files on your Unix hosts. These files are accessed to run certain checks. Ensure that files are in the same location for all the hosts that you want scan.

Which IPs should I add to my record?

Select the IP addresses for the SAP Hana databases that the scanning engine should log into using the specified credentials.

Tell me about user permissions

Managers can add authentication records. Unit Managers must be granted the Create/edit authentication records permission.

Important Notes for Unit Managers

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.

Quick Links

Why use host authentication

Vault Support Matrix

SAP Hana Auth PDF Icon