Set Up SAP HANA Authentication

Each SAP HANA record identifies account login credentials, database information and target hosts (IPs).

This record type is only available in accounts with PA or SCA, and is only supported for compliance scans.

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PA by record type, refer to the following article: 

Authentication Technologies Matrix

How do I get started?

Go to Scans > Authentication, and then go to New > Databases > SAP HANA.

What login credentials are required?

On the Login Credentials tab, choose the Basic or Vault based authentication type. For Basic authentication, you'll provide the username and password to be used for authentication to the SAP HANA server. For Vault based authentication, you'll provide the username for authentication, and then pick the vault type and vault record for password retrieval. At scan time, we'll authenticate to hosts with the username in your record and the password we find in your vault.

Need to create a vault record? Just go to Scans > Authentication > Vaults and tell us about your vault system.

What database information is required?

On the Target Configuration tab, tell us the database name to authenticate to and the port the database is running on.

Tell me about SSL verification

By default, the scanner will verify the SSL certificate used by the SAP HANA device to make sure the certificate is valid and trusted. You may want to clear this option to skip SSL verification if the device is not configured with a certificate, the certificate was not issued by a well-known certificate authority (CA) or the certificate is self-signed.

What do I enter in the Hosts field?

Enter a list of FQDNs for the hosts that correspond to all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. Multiple hosts are comma separated.
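
A pre-check for the SSL verification and Hosts settings described above, added here as an example (it is not the vendor's code): it splits a comma-separated Hosts value into FQDNs and attempts a verified TLS handshake with each one. The function names, sample hosts and port are assumptions; it also assumes the database port accepts a direct TLS handshake, and the local trust store may differ from the scanner's.

```python
import ipaddress
import re
import socket
import ssl
import sys

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_hosts_field(value):
    """Split a comma-separated Hosts value into (fqdns, rejected)."""
    fqdns, rejected = [], []
    for raw in value.split(","):
        host = raw.strip().rstrip(".")
        if not host:
            continue
        try:
            ipaddress.ip_address(host)
            rejected.append((host, "IP address, not an FQDN"))
            continue
        except ValueError:
            pass  # not an IP literal, keep checking
        labels = host.split(".")
        if len(labels) < 2 or len(host) > 253 or not all(map(_LABEL.match, labels)):
            rejected.append((host, "not a valid FQDN"))
        elif host.lower() in fqdns:
            rejected.append((host, "duplicate"))
        else:
            fqdns.append(host.lower())
    return fqdns, rejected


def verify_tls(fqdn, port, timeout=5.0):
    """Verified handshake (local trust store + hostname match) -> (ok, detail)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((fqdn, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate rejected: " + exc.verify_message
    except OSError as exc:
        return False, "connection failed: " + str(exc)


if __name__ == "__main__":
    # Constructed defaults (placeholder hosts and port); pass "<hosts>" <port> to override.
    sample = ("hana01.example.com, 10.0.0.5", "30015")
    hosts, port = sys.argv[1:3] if len(sys.argv) > 2 else sample
    fqdns, rejected = parse_hosts_field(hosts)
    for host, reason in rejected:
        print(f"SKIP {host}: {reason}")
    for fqdn in fqdns:
        print(fqdn, *verify_tls(fqdn, int(port)))
```

A host that reports "certificate rejected" here is one where the default verification would be expected to fail, and the detail string says whether the cause is an untrusted issuer, a self-signed certificate or a hostname mismatch.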

Unix Configuration

On the Unix Configuration tab, enter the full path to the SAP HANA configuration files on your Unix hosts. These files are accessed to run certain checks. Ensure that the files are in the same location on all the hosts that you want to scan.

Which IPs should I add to my record?

Select the IP addresses for the SAP HANA databases that the scanning engine should log into using the specified credentials.

Do you have Tag Support enabled?

If your subscription has Tag Support for Authentication Records enabled, then you'll see additional options for specifying hosts using asset tags. Choose an asset type and then provide IPs or tags to the record. Your asset type options are: IPs/Ranges, IP Range in Tag Rule and Asset Tags.

For domain level authentication, you can only add assets when the domain type is NetBIOS, User-Selected IPs. The Assets section is disabled when the domain type is NetBIOS, Service-Selected IPs, or Active Directory.  

Asset Type: IPs/Ranges
Use this option to add IP addresses/ranges to the record. Enter the IP addresses/ranges in the field provided.

Asset Type: IP Range in Tag Rule
Use this option to add tags that have IP address ranges defined in the tag rule. All IP addresses defined in the tag rule will be associated with the record, including IPs that don’t already have the tag assigned. Click Add Tag to pick tags to include or exclude. Note that only tags with the dynamic tag rule “IP Address in Range(s)” will be available in the tag selector.

Asset Type: Asset Tags
Use this option to add tags to the record for the assets you want included. IP addresses with the selected tags already assigned will be associated with the record. Click Add Tag to pick tags to include or exclude.

Learn more about tag support for authentication records

Tell me about user permissions

Managers can add authentication records. Unit Managers must be granted the Create/edit authentication records permission.

Important Notes for Unit Managers

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to see. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.