Home
Configure Authentications
This section guides you how to set up various authentication mechanisms afterinstalling Innovapptive Mobile Products.
Configure SAML Authentication
Configure Innovapptive products on SAP BTP Server and set up SAML Authentication mechanism to validate users. Also, validate users to backend servers using Principal Propagation.
Establish trust between SAP BTP and ADFS

Title and Copyright
Copyright and Terms of Use for the Post Install or Post Upgrade Configurations Guide for mAssetTag, mWorkOrder, mInventory, and all other solutions of Connected Workforce Platform^TM.
Preface
Understand audience, know related documents and products and conventions followed in this document.
Post-Install or Post-Upgrade Configurations for Innovapptive Products
This guide contains instructions for post install or post upgrade configurations for SAP BTP environment. Depending on the platform you are on, choose your configuration path.
SAP BTP Configurations after Installing Innovapptive Products
This section guides you with the required SAP BTP Configurations after installing Innovapptive Mobile Products.
Configure Authentications
This section guides you how to set up various authentication mechanisms afterinstalling Innovapptive Mobile Products.
- Configure HTTP/HTTPs Authentication
  Configure Innovapptive products on SAP BTP Server and set up HTTP/HTTPs authentication mechanism to validate users. Also, validate users to backend servers using Principal Propagation.
- Configure SAML Authentication
  Configure Innovapptive products on SAP BTP Server and set up SAML Authentication mechanism to validate users. Also, validate users to backend servers using Principal Propagation.
  - Establish trust between SAP BTP and ADFS
  - Add SAP BTP Metadata to ADFS
    After you download Metadata file from SAP BTP, log in to ADFS 2.0 server and copy the Metadata file to Desktop.
  - Add ADFS Metadata to SAP BTP
    To complete trust between SAP BTP and ADFS, you must also add ADFS metadata to SCP.
  - Add Roles to access SAP BTP Development and Operations Cockpit
    Once SAML is enabled, you cannot login with S-User ID. All services and applications are redirected to ADFS for SAML Authentication. Hence, roles added to SAP BTP Development and Operations help users from ADFS to login for administration or development tasks.
  - Configure Cloud Connector to accept SAML Assertion Token
    As Innovapptive servers are set up at various environments, such as Public Cloud and Corporate Network, you use Cloud Connector to securely transmit data from different environments. It is required to establish trust between SAP BTP, Cloud Connector and SAP Gateway System which is on the Corporate Network.
  - Create New Application using SAML Authentication
  - Define SAML SAP BTP Client Password Policy
    Define the client password policy that is used to unlock the DataVault for the applications. Application developers must add code to the DataVault to enforce the client password policy. An administrator must enter the application password policy to unlock the DataVault during application initialization.
- Integrate SAP BTP with Azure AD
Configure Push Notifications for SAP BTP
Field workers gets an alert when an item to which he /she is tagged to is created or modified. However, if the app is not launched on the device, they do not receive these alerts. You must configure Push Notifications to send the alerts to the workers even when the app is not opened in the device.
Manage Resource File in SAP BTP
Resource File in SAP BTP helps you centrally administer and manage common settings.
Configure Roles and Authorization for Products
Configure roles and provide authorizations to do tasks using Innovapptive products.

Establish trust between SAP BTP and ADFS

To establish trust between SAP BTP and ADFS:

Log in to SAP BTP.
Go to SAP BTP Account, Security, Trust.
See that Trust Management and Configuration Type are set to Default, which works on SAP S- User ID or SCN ID.
Click Edit and make the following changes:
- Configuration Type: Custom (Enables to Add Trust connection).
- Local Provider Name: https://hanatrial.ondemand.com/s0015864207trial (should be generated automatically from SAP BTP. URL will be different for each instance based on its ID).
- Signing Key: If the Signing Key is blank, click Generate Key Pair.
- Signing Certificate: If the Signing Certificate is blank, click Generate Key Pair.
- Principal Propagation Enabled.
- Force Authentication: Disabled.
Click Get Metadata link and save it as a local file.
This allows you to add a new Trust Relaying Party in ADFS.