This post covers user authentication in SAP Asset Manager and breaks down the steps for enabling single sign-on in the application.
SAP Asset Manager is based on Mobile Development Kit (MDK) architecture. MDK provides a runtime and full customisation framework for SAP Asset Manager. Developers can easily customise the SAP Asset Manager application by adding or editing actions, business logic, screens, styling, etc. The SAP Asset Manager application uses the OAuth 2.0 protocol to authenticate users and to get authorisation to access data on the SAP backend system.
During the onboarding process, when users log in to the SAP Asset Manager application for the first time, the mobile application sends an authorisation request to the OAuth server. Subsequently, it delegates the call to the respective Identity Authentication tenant. Then, SAP Asset Manager users enter their credentials into a form generated by the Identity Authentication tenant.
Once the onboarding process is completed, an access token is automatically granted to the users. When SAP Asset Manager accesses service resources, the token is used for authentication.
User authentication for the SAP Asset Manager application can be delegated through SAP Business Technology Platform Identity Authentication or through third-party identity providers such as Azure AD, Okta, IAS, and others.
However, authentication to an individual component served by Mobile Services does not ensure authentication to a backend service. To propagate the application's authentication information to the backend service, you must turn on principal propagation for the destination that is set as the application's backend connection.
The SAP Cloud Connector allows the SAP Cloud Platform to connect to the SAP S/4HANA on-premises system of a customer. To make this possible, you need to configure the principal propagation from the SAP Cloud Connector to the SAP S/4HANA on-premises ABAP system.
Now, to enable the Single Sign-On with Okta, a third-party identity and access management provider, you’ll need to follow these eight steps:
1. Download the SAML metadata from the Trust configuration of the SAP BTP subaccount.
2. Create an application for BTP in the Okta Admin to enable trust and download the metadata file.
3. Set up a trust configuration in the BTP subaccount and upload the metadata obtained from the Okta application.
4. Create an MDK application in Mobile Services for SAP Asset Manager and enable the principal propagation in the SAM-related destination.
5. Configure the SAP Cloud Connector with the principal propagation and subject pattern.
6. Import the Cloud Connector (SCC) system certificate into the SAP backend to establish trust between the backend and SCC. Also, maintain the profile parameters in the backend.
7. Configure the rule-based certificate mapping through the CERTRULE transaction or by assigning external IDs to users through the EXTID_DN transaction.
8. Test the SAP Asset Manager Application.
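A pre-flight check for steps 5 and 7, added here as an example and not code from SAP or On Device Solutions: it renders the certificate subject a subject pattern would produce and applies a simplified model of a certificate-mapping rule to flag identities that reach no backend user or more than one. The `${name}` and `${mail}` placeholders, the sample users and the rule model are assumptions constructed for illustration.

```python
import re

# Constructed sample data: attributes asserted by the IdP, and backend users.
IDP_USERS = [
    {"name": "JSMITH", "mail": "j.smith@example.com"},
    {"name": "a.very.long.login@example.com", "mail": "a.long@example.com"},
    {"name": "MDOE", "mail": "shared@example.com"},
]
ABAP_USERS = {  # ABAP user name -> e-mail on the user master record
    "JSMITH": "j.smith@example.com",
    "MDOE": "shared@example.com",
    "TEMP01": "shared@example.com",
}

def render_subject(pattern, attrs):
    """Fill ${placeholder} variables, escaping DN special characters (RFC 4514)."""
    def sub(match):
        value = attrs[match.group(1)]
        return re.sub(r'([,+"\\<>;])', r"\\\1", value)
    return re.sub(r"\$\{(\w+)\}", sub, pattern)

def cn_of(subject):
    """Return the unescaped CN value of a subject DN, or None if absent."""
    m = re.search(r"(?:^|,)\s*CN=((?:\\.|[^,])*)", subject)
    return re.sub(r"\\(.)", r"\1", m.group(1)) if m else None

def map_to_abap(subject, login_as):
    """Assumed model of a rule 'CN -> login_as', login_as in {'user', 'email'}."""
    cn = cn_of(subject)
    if cn is None:
        return ("unmapped", None)
    if login_as == "user":
        # ABAP user names are at most 12 characters and stored upper-case.
        hits = [u for u in ABAP_USERS if len(cn) <= 12 and u == cn.upper()]
    else:
        hits = [u for u, mail in ABAP_USERS.items() if mail.lower() == cn.lower()]
    if len(hits) == 1:
        return ("ok", hits[0])
    return ("ambiguous" if hits else "unmapped", None)

def audit(pattern, login_as):
    """Map every IdP identity through the pattern and rule; key by IdP name."""
    return {u["name"]: map_to_abap(render_subject(pattern, u), login_as)
            for u in IDP_USERS}
```

Any `unmapped` or `ambiguous` result is worth resolving before step 8, since an e-mail address shared by two backend users means the certificate subject does not identify a single account.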
Now that you have an idea of how user authentication works in the SAP Asset Manager application, please reach out to us at On Device Solutions if you need more information about the implementation or would like to schedule a demo specific to your requirements. You can contact us by filling out a contact form or by emailing firstname.lastname@example.org
Founded in 2011, On Device Solutions is a specialist IT consultancy providing enterprise mobility products and services. We are an SAP Gold Partner helping customers get anywhere and anytime access to the information stored in their enterprise systems like SAP, unlocking their information’s value.