Configure Principal Propagation

As long as principal propagation is active, PCo carries out authorization checks against locally configured users only.

For a transition from locally configured PCo users to the central user group management, first disable principal propagation, then distribute the centrally managed user groups to PCo, and finally remove the local users. For more information on user and user group management, see the sections Settings in the PCo Management Console and Maintaining User Groups (in DMC).

You have two options for configuring principal propagation:

• You can create a certificate signing request in order to obtain a certificate signed by a certificate authority (CA).

  As CA certificates provide a higher level of security, it is recommended that you use them.

  For more information, please see:

  Create a CA Certificate

  Configure Trust for CA Certificate

  https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/d0c4d5675d4f4bc78a5b7a7b8687c841.html.)

  As CA certificates provide a higher level of security, it is recommended that you use them.

• You can create and import a self-signed certificate.

  This is recommended for test purposes only.