The following activities can be performed as part of authentication on the mobile device:
The user management of the SAP MI Client Component manages user IDs and local logon passwords. The local logon password is used for local user authentication. It is stored in coded form on the mobile device, and not in plain text. The number of possible failed attempts can be restricted.
A second password, called the synchronization password, is used for synchronization with the SAP MI Server Component (SAP NetWeaver AS). The technical difference between the local logon password and the synchronization password allows you to scale on the basis of security and usability. For more information, see Passwords (Without Single Sign-On).
You can change the passwords on the client side at any time. The data can, however, only be synchronized successfully if the user ID and synchronization password for the client have counterparts on the server. Users can change both passwords with the SAP MI Client Component (see Passwords in SAP MI.).
If the user forgets the local logon password, SAP MI has a function to reset the password. To use this function, the user must have an online connection to the server and authenticate him- or herself using the synchronization password. The user can then reset the logon password without any further assistance.
For mobile devices with only one user you can configure the device in such a way that the user does not have to logon with the local logon password. The start page of the SAP MI Client Component appears immediately as soon as the mobile device is started. Where this is the case, the user must be able to identify him- or herself on the operating system.
The authentication on the operating system is not technically linked to the SAP MI Client Component. It is a conceptual, organizational prerequisite for working with the SAP MI Client Component.
When the user synchronizes with the SAP MI Server Component he or she has to use the synchronization password. You cannot use this bypass option in conjunction with the handling option local for the synchronization password. This results in a configuration conflict. For more information, see Passwords (Without Single Sign-On).
You can configure the SAP MI Client Component to support single sign-on (SSO) if the device is available with an online connection. The SSO technology is based on the SAP logon tickets. The mobile device receives the SAP logon ticket from a system that issues tickets, such as SAP Enterprise Portal. The mobile device can then be verified at the SAP MI Server Component with the SAP logon ticket without the user having to enter an additional password. For more information, see Integration in Single Sign-On Environments.