Security and Permissions Requirements

Before installing K2 connect ensure you understand these requirements and how they are used.

In this section we list the supported user managers and user authentication methods.

If authentication errors occur, these errors are written to a text file located in [system root]\system32\dev_rfc.trc. If the errors are related to SAP permissions, contact your SAP System Administrator.

K2 connect offers support for the following user managers.

User Manager Role
Active Directory Manages primary login for user credentials
SQLUM / Custom User Manager Manages primary login for user credentials

Custom user managers are supported, so K2 connect for SAP can be installed in environments where Microsoft Active Directory is either not the primary method for user authentication or is not available.

The use of user managers is extended to the following:

  1. SQLUM
    1. SQLUM is the supported K2 Five user manager and can be selected as an installation option.
    2. SQLUM is configured when K2 Five is installed, but the system can be reconfigured at a later stage to authenticate against SQLUM.
  2. Custom User Manager
    1. Custom user managers are developed independently and are not supported.
    2. To configure your system to use a SQL User Manager, the system is first installed using SQLUM and then once the system is operational it can be reconfigured to use a Custom User Manager.

The Service accounts used by the K2 connect Server enable the service to run and access the various network resources. The K2 connect Server can be run using any suitable domain service accounts for example:

  1. System Account
  2. The installation account, if granted the correct rights
  3. The K2 Service Account, or
  4. A dedicated account for the K2 connect Service

These accounts must be part of the Local Administrators Group. See the Permissions topic for more information.

The recommended permissions are the minimum permissions required to ensure that the Services have access to the system resources required to function correctly. For more information, see the K2 Five Getting Started Guide

K2 connect for SAP utilizes the K2 Service account when it is installed. The same service account would be used a for authentication. If Active Directory is not going to be used, then the SQLUM or a Custom User Manager must be configured first before installing K2 connect. The SQLUM / Custom User Manager must be configured as part of the K2 Five Server installation. K2 connect for SAP makes no distinction functionally between AD or SQLUM and the SSO principles will function in the same manner.

When installing K2 connect for SAP, the service account specified must always be the same service account with the same permissions as the K2 Five Server and must be part of the Local Administrators Group. As an example see the Server Account section in the Standalone Installation topic where the use of the K2 Service Account is required.