Enable Certificate-Based Authentication in your MDK Client

Intermediate

30 min.

mobile development kit client, iOS, SAP Mobile Services, Intermediate, Tutorial, SAP Business Technology Platform, Android, SAP Build Code, SAP Build, Mobile

Create a branded MDK client that can on-board using certificates for authentication.

You will learn

How to define your Mobile Services app to support certificate authentication
How to configure the MDK client
How to build a branded client

Jitendra KansalOctober 26, 2025

Created by

October 4, 2022

Contributors

Prerequisites

Tutorial: Access SAP Mobile Services
Download the latest version of Mobile Development Kit SDK either from the SAP community trial download or SAP Software Center if you are a SAP Mobile Services customer

Step 1
Make sure that you have completed required prerequisites mentioned in this tutorial.

Navigate to SAP Mobile Services admin UI.

On the home screen, click Create New App or navigate to Mobile Applications → Native/MDK → New.

In the Type of Application step, select the Mobile Development Kit (MDK) and choose Next.

In the Basic Info step, provide the required information and choose Next.

Field Value
ID myapp.mdk.certs
Name SAP MDK cert auth App

Other fields are optional. For more information about these fields, see Creating Applications in the SAP documentation.

In the Security Settings step, continue with the default settings and choose Next.

In the Role Settings step, continue with the default settings and choose Next.

In the Assign Features step, continue with the default settings and choose Next.

In the Review step, you can verify the details of the application definition that you are creating. Make sure all the details are correct. Choose Edit to make any necessary modifications to the section. Choose Finish to create the mobile application configuration.

If you see a Application is without Role Settings warning message, choose OK. You may assign roles after the app has been configured, if needed.

Once you have created your application, you see a list of default features have been automatically assigned to the app.

You can find more information on available features in SAP Mobile Services in help documentation.
Step 2
When you configure an MDK app in Mobile Service admin UI, OAuth security is assigned to the app by default.

To enable certificate based authentication, you need to modify Redirect URL in Security configuration.

Click the Security tile.

Click pencil icon to make changes to default configuration.

Replace the Redirect URL with mdkcertclient://oauth2redirect parameter, and click OK to save the changes. This Redirect URL needs to be added in the AllowedDomains property while building your branded client (step 3.5).

mdkcertclient is an URL scheme for your branded MDK client, you will use this value in step 3.3.

oauth2redirect is just a random path. It could be any value.

To build your client,

you can either use Cloud Build service option to build a standard MDK client by selecting Allow Certificate option or upload the mdkproject to build a customized MDK client.

OR build your branded client locally using MDK SDK as mentioned in below steps.
Step 3
Make sure you are choosing the right development platform tab above.

Make sure that you have already completed steps 1 & 2 from Build Your Mobile Development Kit Client Using MDK SDK tutorial.

Which properties are part of ConnectionSettings in BrandedSettings.json file?
AppId
AllowCerts
ClientId
UrlScheme
Step 4
Make sure you are choosing the right development platform tab above.

This name of this folder is based on the <App Name> provided in the MDKProject.json file and this is the MDK client application generated project.
Step 5
Make sure you are choosing the right device platform tab above.

What is the default value for AppVersion in the MDKProject.json?