To fully secure devices, developers and administrators can combine multiple
mechanisms. In addition to using the built-in security features of both the device and
SAP Mobile Platform, SAP recommends
that you also use Afaria so you can remotely initiate security features as required.
Application authentication is defined by the developer, managed by the administrator in
and processed by the core CSI in SAP Mobile Platform Server.
Device security in SAP Mobile Platform follows this process:
- The client sends the application ID and user credentials (including user name
and password, certificate, or token) to
SAP Mobile Platform.
- SAP Mobile Platform uses the application ID to find the
security profile that should authenticate the user credentials, and invokes the
authentication providers in that profile to perform the authentication.
- When authentication succeeds, the user credentials or additional credentials
derived during the authentication process are made available as SSO material
towards the back-end systems.
In SAP Mobile Platform Server, the client always provides the credentials defined
in their security profile, and not the back-end system. If you are configuring multiple
back ends, then following options are possible:
- Use SAP SSO2 Token when connecting to an SAP back-end system
- User provides credentials for the SAP Mobile Platform Server
authentication, which in turn provides a MYSAPSSO2 token.
- That same token can be used to connect to all back-end systems.
- Use X.509 certificate when connecting to an SAP back-end system
- A trusted certificate can be used with all back-end systems.
- Use basic authentication when connecting to any back-end system
- The SAP Mobile Platform Server authentication and all back-end
systems should have same user name and password.
Developers define SAP Mobile Platform security features for devices,
including data encryption, login screens, and data vaults for storing sensitive data.
Developers use the Client Hub, integrated with Logon Manager, which simplifies user
onboarding and configuration to enable easier and faster enterprise-wide deployments.
The Client Hub reduces the effort required by the end user to manage multiple passwords
for mobile applications and improves the user experience.