Gathering Provider Group Information

Production environments rely on a production-grade security provider (commonly an LDAP directory) to authenticate administrators. To map the SUP default logical roles to the corresponding physical roles in the security provider, you must understand how the provider organizes users into groups.

Consider which users need to be in the SUP Administrator, SUP Domain Administrator, and SUP Helpdesk roles, then identify or create groups in your provider that corresponding to these roles.

Note: If you have installed an earlier version of SAP Mobile Platform as part of a development deployment, you may have an OpenDS LDAP server running in your environment, and both SAP Mobile Platform and SAP Control Center may be using this directory. SAP no longer uses this directory and strongly encourages you to use a different LDAP directory.

Evaluate existing groups.
If there are existing groups that seem to already contain the right subjects that correspond to SUP Administrator, SUP Domain Administrator, and SUP Helpdesk platform roles, you can use those groups. The names need not be exact, as you can map them in SAP Control Center to address any differences.
If no sufficient group exists, add them for SAP Mobile Platform.
Add subjects to these groups to assign SAP Mobile Platform corresponding permissions.
Determine what values are needed for the login module properties in SAP Mobile Platform.
For example, for an LDAP login module you need values for the providerURL, serverType, bind user, bind password, search base and so on.