Tokenization Workflows from SAP

• Without Data Intercept

• With Data Intercept (version 2) using single sign-on

The following diagrams illustrate the multiple initiation points for tokenization from SAP through PAS to the On-Demand platform with and without Data Intercept.

Without Data Intercept

1. Credit card is entered in the SAPGUI and a call is made through PAS to the XiSecure platform.

2. XiSecure returns a Token that is then stored and used in SAP.

With Data Intercept (version 2) using single sign-on

1. Users presses F4 to launch to trigger Intercept SAP; Intercept SAP sends a request to for SessionID.

2. Intercept SessionID is received.

3. Browser is launched sending Intercept SessionID and SSO ID (the single sign-on identifier). Users enters card number in browser and submits.

4. User returns to SAPGUI, clicks in the credit card number field and presses F4 to Request token with Intercept SessionID.

5. Token is received with the Intercept SessionID and populates in the credit card number field.

Intercept SAP version 1 solution requires the user to log into the Intercept SAP GUI using separate login credentials from his/her SAP login.