Skip to Content

SAP Cloud Platform Mobile Services and backend Identity (with ByDesign)

Dear Community,

Imagine a Mobile App developed using SAP Cloud Platform Mobile Services and SAP Business ByDesign as Backend (I think the problem is the same with another backend).

Destinations are configured with Basic Authentication using a ByD Business User.

Writing data from the mobile application works perfectly but all operations (for example, creating an invoice) appears with the identity used in the Destination definition, what is not valid for my scenario.

From the mobile application I can login to the ByDesign system with a new Identity, but for data updating still is used the Destination user.

How can I specify the Identity of a user different that used in Destinations?

Is there any way to change/select the Destinations connection data from the mobile application itself?

Best regards,

Óscar Espinar

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Aug 09, 2017 at 11:43 AM

    Hi Oscar

    Every access to the backend system (ByDesign in this case) would always use the ByD Business User that you maintained in the Destination because you have set the Authentication option to BasicAuthentication. To individualise transactions you need to set this to Principal Propagation so that it uses the ID you log in to the mobile application with to then transact in the backend system (ByDesign in this case). To enable this though I believe you will need to set up Trust between the 2 systems to effectively pass through this ID. I have carried this out many times when connecting from SCP to ERP systems using the SAP Cloud Connector - certificates are loaded to establish trust between the 2 systems. Your scenario is different because you are connecting 2 cloud systems together. Similar rules would apply though in terms of setting up Trust between them however there is a wider issue here around Single Sign on and whether it is a better approach to direct authentication via some Identity Provider. The app itself could be bound by Trust settings in the SCP sub-account to redirect to an IdP solution and then you could set up SSO to Business By Design.

    Check out this blog for more info.

    From an app coding perspective the routings in the neo-app.json file contain links to the SCP destinations so there may be some options here although you will still need to configure the other destinations with the relevant security authentication types.



    Add comment
    10|10000 characters needed characters exceeded

    • Hi Phil,

      Thanks so much for your response.

      As you said, using an Identify Provider with SSO in SCP (SCPms) and ByDesign will be the perfect solution. The point here is that not all customers using ByDesign (normally SMBs) have one.

      Maybe using (purchase) Identity Authentication Service into SCP would be the best solutions for small and medium-sized business.

      Thanks again for your approach.