Passwords (Without Single Sign-On)

Use

When the administrator creates individual users for the Data Orchestration Engine (DOE), the system generates a password for the initial logon. The client device user then has to log onto the server (SAP NetWeaver AS) once directly and change the password (more information: Changing the Logon Password and Changing the Synchronization Password )

The mobile client supports the technical difference between the synchronization password and the local logon password.

Local logon password is used for offline authentication on the client.
Synchronization password is used for online authentication on the DOE.

The online authentication takes place at the beginning of the synchronization cycle. The user ID and the synchronization password are transferred to the server and are verified there.

In the Default.properties file, the administrator can define how the synchronization password and the local logon password are to be handled. There are parameters assigned for the local logon password and the synchronization password in this file.

Parameters for the Local Logon Password

Bypassing Local Logon

For bypassing local logon, you must use the following parameters:
- MobileEngine.UserManagement.bypasslocallogon = true
  
  You use the parameter to determine if the local logon on the client can be bypassed. In this case, the user's system logon is considered to be sufficient authentication.
  
  Possible values for the parameter are true and false .
- MobileEngine.UserManagement.singleusermode = true
  
  Possible values for the parameter are true and false .
- com.sap.tc.mobile.user.username = <username>
Resetting the Password

MobileEngine.UserManagement.resetlocallogonpasswordsupport : You use this parameter to determine if the user can reset the password.

Possible values for the parameter are true and false .

Default value is false .
Locking the Logon Password after Multiple Failed Attempts

com.sap.tc.mobile.cfs.user.lock.threshold : You use this parameter to limit the number of failed attempts by a user to log on to the client. The password is locked if the number of failed attempts exceeds this threshold value.

Possible values for the parameter are integers between 1 to 99 .

Default value is 3 .
Customizing the Minimal Length of the Password

com.sap.tc.mobile.cfs.user.password.length.min : You use this parameter to define the minimum length required for the logon password.

Possible values are integers between 3 to 40 .

Default value is 6 .

Parameters for the Synchronization Password

com.sap.tc.mobile.sync.passwordhandling : You use this parameter to determine how the synchronization password is handled. Possible values are:

local - Synchronization password corresponds to the local logon password. The user need not enter the password for synchronization.

Note

You cannot use this parameter value if the parameter Bypassing Local Logon is enabled.
atSync - Synchronization password does not correspond to the local logon password and the password must be entered for each synchronization (default value).

Note

You cannot enable background synchronization when this parameter value is selected.
once - Synchronization password does not correspond to the local logon password and for each logon, the synchronization password must be entered once.

More Information

Security Measures Related to Password Rules