Pre-Authentication for Broker Manager
Broker Manager requires a separate login. The pre-authentication security setting in the Cloud Console specifies whether advanced event mesh account users log in automatically to Broker Manager when they open it from the Cloud Console, or are required to log in manually.
Pre-authentication is enabled by default. When launching Broker Manager from advanced event mesh for SAP Integration Suite, all account users log in automatically. If you disable pre-authentication, account users must log in to Broker Manager for all new sessions.
Using pre-authentication passes the unencrypted username and password in the URL, which can be considered insecure by some organizations. SAP recommends that you align your authentication settings with your organization's security policies.
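Credentials carried in a URL are recorded wherever URLs are recorded, such as proxy and web server access logs, so if pre-authentication stays enabled, one mitigation is to scrub them before logs are stored or forwarded. The following is an added example, not SAP's code; the parameter names and hostnames are assumptions, because this page does not document the layout of the pre-authentication URL.

```python
import re
from urllib.parse import urlsplit, urlunsplit

MASK = "REDACTED"
# Assumed parameter names; the page does not document the URL layout.
PAIR_RE = re.compile(
    r"(?i)(?<![A-Za-z0-9_])(username|user|password|passwd|pwd)=[^&;#]*")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def _scrub(text, where, findings):
    """Mask credential-style key=value pairs in a query string or fragment."""
    def _mask(match):
        findings.append(f"{where}:{match.group(1).lower()}")
        return f"{match.group(1)}={MASK}"
    return PAIR_RE.sub(_mask, text)

def redact_url(url):
    """Return (redacted_url, findings) for a single URL."""
    parts = urlsplit(url)
    findings = []
    netloc = parts.netloc
    if "@" in netloc:  # user:password@host form
        netloc = MASK + "@" + netloc.rsplit("@", 1)[1]
        findings.append("userinfo")
    query = _scrub(parts.query, "query", findings)
    fragment = _scrub(parts.fragment, "fragment", findings)
    return urlunsplit((parts.scheme, netloc, parts.path, query, fragment)), findings

def redact_line(line):
    """Redact every URL found in a log line; return (clean_line, findings)."""
    findings = []
    def _sub(match):
        clean, found = redact_url(match.group(0))
        findings.extend(found)
        return clean
    return URL_RE.sub(_sub, line), findings

# Constructed sample log lines; host and parameter names are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 "GET https://broker.example.invalid/?username=admin&password=s3cr3t&tab=queues"',
    '203.0.113.7 "GET https://admin:s3cr3t@broker.example.invalid/"',
    '203.0.113.7 "GET https://broker.example.invalid/#/queues"',
    '203.0.113.7 "GET https://broker.example.invalid/#/login?username=admin&password=s3cr3t"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        clean, found = redact_line(entry)
        print(found or "clean", clean)
```

The findings list doubles as a detection signal: any non-empty result on stored logs means credentials have already been written there and the management password should be treated as exposed.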
Considerations for Setting SAP Pre-Authentication Security
- Ensure that you have an Administrator role in the account to modify this setting. For instructions, refer to Managing Users, Roles, and Permissions.
- When pre-authentication is disabled, a separate login prompt appears that requires users to enter their username and password for all new sessions with the event broker service.
- You can find the username and password on the Status tab for the service details in the Management Username and Management Password fields.
- Regardless of whether you enable or disable pre-authentication, if your event broker services are deployed in a private network [customer-controlled Virtual Private Cloud/Virtual Network (VPC/VNet)], it is possible that you can connect from a public IP address to the Cloud Console (outside of your private network) to create and configure event broker services, but can't connect to Broker Manager.
The ability to connect to Broker Manager depends on the networking configuration of your private network (i.e., most private networks use 10.x.y.z, 172.x.y.z, or 192.x.y.z as IP addresses which are not accessible from a public network). If your networking configuration permits it, you may connect to Broker Manager when it's deployed in a private network if you:
- use a VPN connection such as a VPN client on your computer (or AWS VPN) to connect to the VPC/VNet
- have VNet peering (Azure) or VPC peering (AWS) configured between the network you're connecting from and the private network where the event broker services are deployed
- have a DNS mapping from the event broker service to your private network. Contact SAP to configure this DNS mapping request.
Configuring SAP Pre-Authentication Security
To configure SAP pre-authentication security, perform these steps:
- Log in to the Cloud Console if you haven't done so yet.
- On the navigation bar, click User & Account and select Account Details.
- On the Account Details page, select the Account Settings tab.
- On the Security Settings tile, enable or disable the SAP Pre Authentication toggle. When disabled, launching Broker Manager from the Cloud Console requires users to authenticate themselves for all new sessions. When enabled, users log in automatically when launching Broker Manager.