Configuring Security Profiles and Authentication Providers

Use Management Cockpit to configure security profiles and corresponding authentication providers to define the security access and scope for users mapped to logical roles in SAP Mobile Platform.

SAP Mobile Platform does not provide proprietary security systems for storing and maintaining users and access control rules, but delegates these functions to the enterprise’s existing security solutions.

A security profile determines the scope of user identity, data access, and security by performing authentication checks. To access any resource, whether a Management Cockpit administration feature or a data set from a back-end data source, a user must be part of the security repository used by the configured security profiles.

SAP Mobile Platform includes three default security profiles: Admin, Default, and Notification. Administrators can also create new security profiles and assign authentication providers using Management Cockpit.

Security profiles aggregate various security mechanisms for protecting SAP Mobile Platform resources under a specific name, which administrators can then assign. Each security profile consists of:
  • Configured authentication providers: security provider plug-ins for many common security solutions, such as LDAP, are included with SAP Mobile Platform.
  • Role mappings that map SAP Mobile Platform logical roles to back-end physical roles.

To access any resource, a user entry must be stored in the security repository used by the configured authentication provider. When a user attempts to access a particular resource, SAP Mobile Platform Server tries to authenticate and authorize the user by checking the security repository for security access policies on the requested resource and role memberships.
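
The following is an added conceptual model of the check described above, not SAP Mobile Platform code or its API: a profile pairs one authentication provider with logical-to-physical role mappings and denies access when the user is missing from the repository or the logical role is unmapped. The class names, role names, users, and the single-provider, deny-by-default behaviour are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class InMemoryRepository:
    """Stand-in for the enterprise repository (for example LDAP). Constructed data only."""
    def __init__(self, users):
        # users: {name: (password, [physical roles])}
        self._users = {}
        for name, (password, roles) in users.items():
            salt = os.urandom(16)
            self._users[name] = (salt, _digest(password, salt), frozenset(roles))

    def authenticate(self, name, password):
        """Return the user's physical roles, or None if unknown or the password is wrong."""
        entry = self._users.get(name)
        if entry is None:
            return None
        salt, stored, roles = entry
        return roles if hmac.compare_digest(stored, _digest(password, salt)) else None

@dataclass
class SecurityProfile:
    name: str
    provider: InMemoryRepository   # the configured authentication provider
    role_mappings: dict            # logical role -> set of physical roles

    def authorize(self, user, password, logical_role):
        physical = self.provider.authenticate(user, password)
        if physical is None:
            return False           # no entry in this profile's repository, or bad credentials
        allowed = self.role_mappings.get(logical_role, set())
        return bool(physical & set(allowed))   # unmapped logical role: deny

# Constructed sample data; all names are hypothetical.
REPO = InMemoryRepository({
    "alice": ("a-pass", ["cn=mobile-admins"]),
    "bob": ("b-pass", ["cn=sales"]),
})
ADMIN_DEMO = SecurityProfile("admin-demo", REPO, {"Administrator": {"cn=mobile-admins"}})
APP_DEMO = SecurityProfile("app-demo", REPO, {"AppUser": {"cn=sales", "cn=mobile-admins"}})

if __name__ == "__main__":
    for profile, user, pw, role in [(ADMIN_DEMO, "alice", "a-pass", "Administrator"),
                                    (ADMIN_DEMO, "bob", "b-pass", "Administrator"),
                                    (APP_DEMO, "bob", "b-pass", "AppUser")]:
        print(profile.name, user, role, profile.authorize(user, pw, role))
```

The same repository entry yields different access under each profile because only the role mappings differ, which is why mappings deserve the same review as the provider configuration.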