How to connect SAP Authenticator applications via AirWatch Browser
Scenario:
Following is not our standard SAP Best practices for connecting SAP applications from Out Of Office Network. However, few SAP customers use AirWatch as their MDM tool and in such scenarios, if customer decided to leverage SAP Authenticator SSO functionalities then following information might be helpful.
Issue:
Using the AirWatch browser, any corporate mobile user outside of the corporate network will have provision to connect internal SAP resources such as SAP Portal, Fiori, etc. For iOS devices, SAP Authenticator by default opens Safari browser and so cannot connect to the network.
Solution:
With a small change, you can use SAP Authenticator in conjunction with AirWarch browser – No coding is required! Following is the simple example for Fiori Scenario:
Standard http scenario
for AirWatch http Scenario, replace http with awb:
awb://host:port/path?j_username=[username]&j_passcode=[passcode]
Standard https scenario
for AirWatch Secured Scenario, replace https with awbs:
awbs://host:port/path?j_username=[username]&j_passcode=[passcode]
Important Notes:
- SAP Authenticator multi-factor authentication scenarios (X.509 Cert with Passcode) and X.509 certificate based authentication will not work with AirWatch Browser
- AirWatch Browser is not in SAP UI5 supported browser list so there is no 100% guarantee that if everything from SAP UI perspective will work
- TOTP based Passcodes for SSO is supported
SAP UI5 Supported Browsers:
Hi Kiran,
Great work!
I'm looking at a similar architecture in our organisation.
It would have been ideal if the AirWatch browser supported spNego but at this time it does not.
This means I'm now looking at SAP Authenticator too so i've a couple of questions:-
1. Did you deliver the SAP Authenicicator through the AirWatch App store?
2. Were you able to preconfigure the SAP Authenticator with settings to open the Fiori Launchpad?
3. What's the user feedback been like?
Regards
Des
Hi Des,
Thanks for your comments.
1. Did you deliver the SAP Authenticator through the AirWatch App store?
You can either download from iTunes,/Google Play or can be managed by AirWatch app store.
http://help.sap.com/saphelp_nwsso20/helpdata/en/30/996d4601fa447c8d905e47550492fb/content.htm
2. Were you able to preconfigure the SAP Authenticator with settings to open the Fiori Launchpad?
.
This is possible with SAP Authentication Configuration in the administrative UI.
3. What's the user feedback been like?
No complains but as I mentioned, this is not our standard best practice- only a specific customer scenario.
Regards,
Kiran
Hi Kiran,
Thanks for sharing the information.
We are facing issues with airwatch browser. All the synchronous ODATA Create or batch calls are getting timed out. However, synchronous or Get calls are working fine.
Did you face any thing similar in your landscape.
Regards,
Sarbjeet Singh
Hi Sarbjeet,
We haven't faced any timeout issues.
Regards,
Kiran
Hi Kiran,
Thanks for sharing the information.
Very informative ..
Regards
Ramesh