Set Up SAP IQ Authentication

Each SAP IQ record identifies account login credentials, database information and target hosts (IPs) for authenticating to SAP IQ instances.

This record type is only available in accounts with PA or SCA and is only supported for compliance scans.

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PA by record type, refer to the following article:

Authentication Technologies Matrix

Help me with record settings

How do I get started?

- Go to Scans > Authentication.

- Check that you already have a record defined for each host running database instances.

- Create an SAP IQ record for the database instance. Go to New > Databases > SAP IQ.

What login credentials are required?

Provide basic login credentials (username and password) to be used for authentication or get the password from a supported password vault.

Tell us the database name to authenticate to and the port the database is running on. The installation directory name is required only for Unix-based hosts.

When to enable password encryption?

Enable this option when your SAP IQ database instance requires an encrypted password for successful login. If password encryption is required and you do not enable this option, authentication will fail.

Which IPs should I add to my record?

Select the target compliance hosts (IPs) to authenticate to.

Want to access the account password from your password vault?

We support integration with multiple third-party password vaults. Just go to Scans > Authentication > New > Authentication Vaults and tell us about your vault system. Then choose Authentication Vault in your record and select the vault record that you created. At scan time, we'll authenticate to hosts using the account name in your record and the password we find in your vault.

Important Notes for Unit Managers

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to access. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.

Do you have Tag Support enabled?

If your subscription has Tag Support for Authentication Records enabled, then you'll see additional options for specifying hosts using asset tags. Choose an asset type and then provide IPs or tags to the record. Your asset type options are: IPs/Ranges, IP Range in Tag Rule and Asset Tags.

For domain level authentication, you can only add assets when the domain type is NetBIOS, User-Selected IPs. The Assets section is disabled when the domain type is NetBIOS, Service-Selected IPs, or Active Directory.  

Asset Type: IPs/Ranges
Use this option to add IP addresses/ranges to the record. Enter the IP addresses/ranges in the field provided.

Asset Type: IP Range in Tag Rule
Use this option to add tags that have IP address ranges defined in the tag rule. All IP addresses defined in the tag rule will be associated with the record, including IPs that don’t already have the tag assigned. Click Add Tag to pick tags to include or exclude. Note that only tags with the dynamic tag rule “IP Address in Range(s)” will be available in the tag selector.

Asset Type: Asset Tags
Use this option to add tags to the record for the assets you want included. IP addresses with the selected tags already assigned will be associated with the record. Click Add Tag to pick tags to include or exclude.

Learn more about tag support for authentication records