SAP logon via 1Password

Hi guys,

I was a bit concerned about how I can automate the management of the credentials for the SAP systems which I use in my daily work, and after some research I've found this article - it regards the way how to set up Keepass to store SAP password and launch SAP logon with them.

I thought that I could use the same approach in 1Password, but it didn't work, so I would like to discuss it here.

As far as I understood the approach in the article, there is a way to run SAP logon application and to transfer in it system name, client, user, password and other parameters via command line. I've tried to run that command in cmd and it worked perfect. It looks like Keepass can run the cmd shell commands via cmd:// and can pass in that string the the data which is stored in Keepass via variables ({USERNAME} and {PASSWORD} I guess).

Can 1Password do the same?

Comments

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @Winter_mute,

    1Password has a feature called Auto-Type where it can automate the typing in other applications. You can use that to auto-fill the username and password into your SAP app. However right now, Auto-Type can only work with the username and password, it can't fill the other fields, and you'd have to copy/paste the third field manually for SAP.

    We are interested in expanding this feature in the future and we'll keep this in mind.

  • edited March 2015

    @ MikeT

    However right now, Auto-Type can only work with the username and password, it can't fill the other fields, and you'd have to copy/paste the third field manually for SAP.

    Could you not create two separate logins for the same window. Autotype is blind so you'd press:

    Ctrl+\ + [first login] + [tab] + Ctrl+\ + [second login]

  • I'll try the AutoType, but what about capability to run the windows cmd commands with data stored in 1Password? I guess that it is relevant not only for SAP, but for other software.

  • MikeTMikeT Agile Samurai

    Team Member

    Hi guys,

    @RichardPayne:

    Could you not create two separate logins for the same window. Autotype is blind so you'd press:

    It seems a bit messy but for one app, it might work. Do you know of a free app with three fields, so I can try this? I'm not sure how well it could work.

    @Winter_mute:

    I'll try the AutoType, but what about capability to run the windows cmd commands with data stored in 1Password? I guess that it is relevant not only for SAP, but for other software.

    Auto-Type would be the most generic way to support this type of filling among all applications. I'll pass on your request to our development team to see if it would be possible to insert specific field values into the URL path, so that 1Password fills it in before opening the URL.

    If you have the script already installed on your computer, what you can do for now is to replace the {username}/{password} in the arguments with your actual username/password and store it in a custom field, like this:

    That way, you can just click one button to clip it to your clipboard and paste it in the command line.

    The limitation of this is if you change your password later, you have to also change it in that custom field. That's why the {} support is needed in 1Password, so it can automatically do that for you but we might not be able to add this support. We'll add your vote and see what we can do in the future.

  • @MikeT

    It seems a bit messy but for one app, it might work. Do you know of a free app with three fields, so I can try this? I'm not sure how well it could work.

    I, or any other developer, could knock one up in about 5 minutes flat.

    The other, more generic apapproach, is to allow a simple keystroke scripting so the autotype sequence can be customised.

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @RichardPayne,

    The other, more generic apapproach, is to allow a simple keystroke scripting so the autotype sequence can be customised.

    I think that's what improving Auto-Type might be, just making it more flexible for situations like this.

  • edited March 2015

    allow a simple keystroke scripting so the autotype sequence can be customised.

    @RichardPayne We need to remember 1Password should be a simple app and do the right thing for most customers. If we add such complex settings, then eventually 1Password will be unusable.

  • @svondutch for password managers to be effective, their use needs to be pervasive. This means that they need to cope with the strange use cases. I'm all for software working out of the box with the default settings for the most common use cases but I don't agree that this should limit the software's capabilities.

    Take PuTTY as an example. The settings window for PuTTY is horrendously complex, and yet for 99% of cases you don't have to worry about it. All of the options you need for day to day use are on the first page.

    Web browsers are another good example. The settings windows contain the most commonly used settings but everything is else is tweakable for more advanced users.

    Basically, what I'm saying is that allowing it to do the right thing in the corner cases by some advanced settings does not preclude it do the right thing for the other 99% of customers by default.

  • edited March 2015

    @RichardPayne The 1Password user does not compare to the PuTTY user, and the PuTTY settings window is exactly what I'm trying to prevent.

  • I know, and I wasn't suggesting that it go that far. I completely agree that new features should be carefully considered. However, I do think that you are excluding useful features simply to reduce the configuration set, which is a mistake in my opinion.

  • @RichardPayne You have the mindset of a power user. Most customers are not, and we want to spend our limited time and resources on making the lives of 99% of our customers easier and more secure.

    That being said, I believe running shell commands via CMD:// is an excellent idea. Because it doesn't take a lot of time for me to support this, I'll be adding it to the next BETA version.

  • You have the mindset of a power user. Most customers are not, and we want to spend our limited time and resources on making the lives of 99% of our customers easier and more secure.

    I do, and yet I'm not blind to the needs of normal users. I am not suggesting making the normal users' experiences more complex.
    Making an argument based on limited developer resources is entirely different to arguing that supporting the needs of advanced users inevitably makes the product too complex for normal users. I can understand the former, but the latter is a fallacy as far as I can see.

  • @RichardPayne We have so many options already. We just need to pick what we believe is best and move forward.

  • edited March 2015

    there is a way to run SAP logon application and to transfer in it system name, client, user, password and other parameters via command line. I've tried to run that command in cmd and it worked perfect. It looks like Keepass can run the cmd shell commands via cmd:// and can pass in that string the data which is stored in Keepass via variables {USERNAME} and {PASSWORD}

    @Winter_mute I have added this to 1Password 4.2.0.548

  • @svondutch I've just tried - and it works absolutely as I wanted it to work.

    I really appreciate that you fulfilled my humble request - to be honest I didn't expected to get it so soon.

    Thanks again - great job and excellent customer focus!

  • MikeTMikeT Agile Samurai

    Team Member

    On behalf of Stefan, you're welcome.

This discussion has been closed.