Skip to Content
Author's profile photo Thomas Saueressig

End-to-end consumer expectation in enterprise mobility – our employees as first customers


Some time ago, we had a question in recruiting tests at SAP that asked applicants for certain job profiles: „How would you explain the internet to your grandparents? “

I am not sure whether they still use that question. But I am sure that many of today’s youngsters wouldn’t need to explain something like this to their parents or grandparents, because these people today simply use their tablet computers and ultra-mobile laptops.

They just use it because it’s so simple.

That’s basically what average mobile users today expect from consumer products: They know that there is a complex technology somewhere behind the surface, but they expect from their vendors to provide them an intuitive user experience without any questions.

You might think an IT company like SAP is not average in that sense. But like any other company, we have hundreds and thousands of employees who – with good cause – expect that their equipment is ready to use as soon as they hold it in their hands. They don’t want to know about VPN, Single Sign On, mobile gateways, certificates, all these technical details. They want to sell, consult… work.

On the other hand, SAP couldn’t do serious business without highest security, quality, and confidentiality standards. Now, try to match this with consumer-oriented usability expectations and explain to our users why they should need to execute manual configuration steps after having received their new smartphone or a tablet.

This is why meeting our internal customer’s expectations starts by analyzing business and technical requirements first, then by trying to hide all complexity behind a seamlessly integrated and simplified consumer experience.

This is a holistic approach and, admittedly, a challenge for our internal IT. I call it the end-to-end expectation of our internal users that we need to meet:



Ordering a new device starts in our web-based SRM Shopping system. Similar to popular online stores, you can inform yourself about available goods by checking product pictures, descriptions, and prices; after you have put an item into the shopping cart and checked out, you can track status updates and whether your manager approved the purchase. All this can also be done with mobile apps we issue to our employees.


With every new mobile device, the user at SAP receives basic instructions on what is needed to go productive, to be able to use a device within the corporate network infrastructure, connect to internal business systems and receive corporate e-mails. There is a self-service portal available where users can enroll their devices by following a simple setup process and guided procedure.

These steps currently include:

  • The enrollment with Afaria, our mobile device management. With Afaria, we are able to remotely control lost or stolen devices; we can push important updates, certificates, and configuration files to every mobile client;
  • The installation of Single Sign On to securely obtain the required X.509 certificate on each mobile device.

From my perspective, this is the part that doesn’t match with today’s end-user expectation. So, this is why we are working on reducing the steps needed with Afaria and on integrating an SSO push. We are not completely there yet, but my goal is that you do not need to do much more with a new device but register with your SAP user name and password (that all SAP employees knows off pat), and you are done. This intelligent setup would mean that by just providing your credentials and maybe the asset or phone number of your device, all necessary user profiles, certificates, settings, and apps are pushed to your device from SAP Afaria, and all this will be done completely invisible in the background. This would also include the provisioning of role-specific apps, such as tools for managers, sales staff, or marketing professionals.


Now that you have the settings and relevant apps on your device, you will also find an icon that leads you directly to the SAP Internal Store. This app store is the enterprise equivalent to iTunes or Google Play and an SAP-own product. It is the single place to go to for apps you can use internally at SAP, heavily promoted on our intranet pages and integrated into the SAP Employee Network. It is available on all devices and operating systems, and provides applications and services for all available platforms.

Apps that are rolled-out internally using the SAP internal Store must meet the following quality and usability criteria:

  • Auto-update: Basically a simple line of code that tells the app to check for updates on the Store, auto-update allows users to always update to the latest version of an app. Furthermore, it enables our development to quickly react on changes coming from outside SAP, such as a new iOS or Android versions that demand adjustments to our apps. However, to avoid trouble with different operating systems and deployment structures, we more and more recommend HTML5-based apps for usage scenarios, such as approval workflows. SAP Fiori – currently implemented internally – is an excellent example.
  • Predefined server credentials + zero configuration: Users should not need to execute complicated configuration steps or enter URLs into app settings – upon installation; apps just need to work.
  • SSO enablement: Users should not be asked to enter further user names or passwords – Single Sign On must do the job.
  • VPN-less access: Users should not need to open one or two VPN-login apps before being able to execute the business app they want to use. This simply results in not using a business app. So, we are updating more and more apps to support a “VPN-less” access to our internal systems, utilizing the SAP Mobile Platform (SUP) and the HANA Cloud Connector.
  • In-app help, feedback option: Mobile apps and social media offer as a new means to shorten the lines between questions and answers: First, our mobile apps need to be as self-explaining as possible. Second, if there is a certain complexity, we try to avoid later tickets and questions by offering simple and quick instructions within the app. Third, we integrate this documentation with our internal social media, mainly SAP Jam, to allow users to easily find help and answers from the community. In-app features such as the “frustration shake” which uses the internal motion sensor of the device to direct you to IT tickets or feedback e-mails, allow you to directly approach app developers and support specialists.

This is for sure just an extract of the most important quality standards, as mentioned a beautiful UI/UX as well as detailed security requirements complement those.


You can dial one of the 911-like support numbers or head for a Mobile Solutions Center nearby, where the colleagues are trained to offer first-level support for the most important apps. Combined with in-app help and feedback options, this already resulted in a drastic reduction of our internal support tickets.

All in all, you see that there are many single chain links and technologies with a high grade of complexity we need to analyze and improve — before we can say “it just works”. Most importantly, these efforts remain invisible to our customers. Only if we meet – or better: exceed – the expectations of our internal users, this will pay off in the end. It’s just on major bonus that these internal users will be able to transport their positive experience to our customers.

Join me next time, when I will talk about

Enterprise mobility strategy – the details a mobile-enabled company needs to think about

Insights into a mobilized enterprise series

1 – Mobile at SAP – Insights into a mobilized enterprise

2 – End-to-end consumer expectation in enterprise mobility – our employees as first customers

3 – Enterprise mobility strategy – the details a mobile-enabled company needs to think about

4 – Internal mobile projects and mobile development at SAP

5 – Internal mobile support – “genius bars” and direct contact to developers

6 – Usability AND security – deep dive on internal security, VPN-less access, device management, and gateways.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Jitendra Kansal
      Jitendra Kansal

      Hi Thomas,

      really worth reading blog. Especially "Deployment" section gave very idea.

      I could imagine end to end consumer expectation process. Looking forward to next blog.



      Author's profile photo Thomas Saueressig
      Thomas Saueressig
      Blog Post Author

      thanks! will try to publish one blog per week