Securing SAP Mobile Business Applications
At BPSE we believe that mobile security should be convenient. We have developed expert skills in implementing the SAP Kapsel SDK in order to provide an optimized multi-application user experience for our enterprise customers.
SAP UI5 applications enable the user to accomplish their goals in the most efficient, uncluttered manner possible. Role-based workflows are one of the core principles of the SAP Fiori Design Guidelines. While this allows for a very intuitive and simple user experience, it means that a discrete mobile business application is required to fulfill each of the different business roles. This poses a convenience issue if a user is asked to sign in using their SAP credentials by every application they use.
An ideal solution would be if the user would only need to give their SAP login credentials once and that these credentials would then be shared between all the apps that connect to that same system. The SAP Client Hub is an application that acts as a central user credential vault for all your Native and Hybrid applications on your device. The following diagram describes the process of logging in to an SAP system with the Client Hub acting as a central store:
The Client Hub in effect gives the user an SSO-like experience while using hybrid or native mobile applications on the device. The following is a series of screenshots of an Android 5.0 device showing the process of setting an SSO passcode and onboarding an application using the Client Hub.
Launch the SAP Client Hub and enter your desired SSO Passcode:
Once the password is accepted:
You may now exit the Client Hub app and open your business application. On the first run of your application you are asked to enter the SSO passcode you set in the SAP Client Hub. This functionality is provided by the SAP Kapsel SDK that BPSE implements in its hybrid business applications. The Kapsel SDK allows us to provide enhanced mobile security features such as encrypted storage for data as well as a highly secure data vault for login credentials:
Upon successful submission of the SSO passcode, the application queries the Client Hub for your SAP system login credentials. Since you have not given these credentials yet, you are prompted to enter them. This is the only time you will have to do this:
After you input your SAP system credentials, they are saved in the data vault of the Client Hub and can now be retrieved by your other (authorized) business applications. You are now prompted to set a passcode for this particular business application. You are challenged with this passcode when you try to resume this application after using another or after a long period of inactivity. This is a security feature to ensure the safety of company data in the event of unauthorized use of your mobile device. A shorter passcode that is easier to enter on a mobile device provides a far better user experience than having to retype your SAP system credentials repeatedly:
Once the authentication process is complete you can start using your business application:
If you would like to find out more about how BPSE can help your organization get the most out of its mobile landscape, feel free to contact us.