Home
SMP Configurations after Installing Innovapptive Products
This section guides you with the required SMP Configurations after installing Innovapptive Mobile Products.
Authenticate users using X.509 Authentication
Authenticate an end user using X.509 Server and manage communication between SMP and Gateway system using HTTPs ports.

Title and Copyright
Copyright and Terms of Use for the Post Install or Post Upgrade Configurations Guide for mAssetTag, mWorkOrder, mInventory, mServiceOrder, mWorkList and all other solutions of Connected Workforce Platform^TM.
Preface
Understand audience, know related documents and products and conventions followed in this document.
Post-Install or Post-Upgrade Configurations for Innovapptive Products
This guide contains instructions for post install or post upgrade configurations for both SCP and SMP environments. Depending on the platform you are on, choose your configuration path.
SCP Configurations after Installing Innovapptive Products
This section guides you with the required SCP Configurations after installing Innovapptive Mobile Products.
SMP Configurations after Installing Innovapptive Products
This section guides you with the required SMP Configurations after installing Innovapptive Mobile Products.
- Access SMP Management Cockpit
  Use SMP Management Cockpit to deploy, manage, and monitor SMP-based applications, user registrations, and device connections.
- Define Application Authentication
  Define authentication for your applications that are being deployed on SMP.
- Authenticate users using HTTP Authentication
  Configure Innovapptive products on SMP Server and set up HTTP communication between SMP and Gateway System.
- Authenticate users using HTTPs Authentication
  Set up HTTPs communication between SMP and Gateway System.
- Authenticate users using LDAP Server
  Authenticate an end user using LDAP Authentication and manage communication between SMP and Gateway system using HTTPs ports.
- Authenticate users using SAML Authentication
  Authenticate an end user using SAML/ADFS Server and manage communication between SMP and Gateway system using HTTPs ports.
- Authenticate users using X.509 Authentication
  Authenticate an end user using X.509 Server and manage communication between SMP and Gateway system using HTTPs ports.
  - Generate certificates for X509 Authentication
    Learn how to generate User Certificate and Technical Certificate and sign it by the Root Certificate.
  - Import a Certificate to Create Rule
  - Test the Certificate on a Browser
    Test the URL from the Gateway Sandbox to ensure the certificate is working.
  - Create Security Profile for X509-Based Authentication
  - Create an Application using X509-Based Authentication
  - Test X509 authentication using RESTClient
- Integrate SMP with Azure AD
- Configure Push Notifications for SMP
  Field workers gets an alert when an item to which he /she is tagged to is created or modified. However, if the app is not launched on the device, they do not receive these alerts. You must configure Push Notifications to send the alerts to the workers even when the app is not opened in the device.
- Manage Resource File in SMP
  Resource File in SMP helps you centrally administer and manage common settings.
Configure Roles and Authorization for Products
Configure roles and provide authorizations to do tasks using Innovapptive products.

Authenticate users using X.509 Authentication

Authenticate an end user using X.509 Server and manage communication between SMP and Gateway system using HTTPs ports.

Rule-based certificate mapping (transaction CERTRULE) enables mapping of users from parts of the subject or the subject alternative name of an X.509 certificate for a given issuer to the user ID or alias of a user master record. With a few rules, you can enable logon with X.509 certificates for all users. The tool also enables you to load an X.509 certificate and check if a rule applies to the certificate and if the certificate maps to a user. For individual users that do not map to the rules you create, you can create exceptions.

Ensure you have,

Access to SAP Mobile Platform as an Administrator (SMP Admin Cockpit)
Access to SAP Gateway System
GW Basis roles
List of Gateway documents that need to be checked
Completed configuration as described in Authenticate users using HTTPs Authentication
Authorization objects:
- CC control center: System administration (S_RZL_ADM)
  - Activity 03 grants display authorizations.
  - Activity 01 grants change authorizations.
User Master Maintenance: User Groups (S_USER_GRP)
- Activity 03 grants display authorizations.
- Activity 02 grants change authorizations.
- Class: Enter the names of user groups for which the administrator can maintain explicit mappings.
Enabled the login/certificate_ mapping_ rulebased profile parameter
- Go to RZ11 or RZ10.
- Maintain the profile parameter login/certificate_mapping_rulebased value to 1.
- Save the settings and close.
Figure 1. Rule Based Profile Parameter

Alias for the SAP User Name (Required for Innovapptive, as Certificate does not have SAP User Name)

Note: Once enabled, rule-based mapping replaces manual mapping in the table USREXTID. If you use the table USREXTID for certificate mapping, use transaction CERTRULE_MIG to create a set of rules based on your current entries.