Principal Propagation

Use

Principal propagation allows destinations to forward the identity of an on-demand user to the SAP Cloud Connector, which then forwards it to the back end of the relevant on-premise system. When using the Cloud Connector, an on-demand user does not need to provide their identity for each connection to an on-premise system. The full identity is propagated.

Principal Propagation Overview

The following is a diagram and the high-level steps that occur when an LDAP/AD user authenticates through SAP Business Technology Platform Mobile Services:

  1. The user enters their LDAP/AD user name and password at startup of the SAP Inventory Manager client application.

  2. SAP Business Technology Platform Mobile Services uses basic authentication to validate the user name and password.

  3. An on-premise user store is used to authenticate the users.

  4. SAP Inventory Manager uses principal propagation to connect to the back-end system.

  5. The connection to the Cloud Connector uses an SNC-enabled RFC connection.