Skip to content

Change Service Account

This page shows how to run the Board Connector service under a dedicated Windows domain user account. After the installation, the Board Connector service runs under a virtual service account by default.

The following scenarios require the service to run under a dedicated Windows domain user account:

Basic Settings

  1. Create a Windows AD service account and assign an SPN (Service Principle Name) to the service account in the following format: HTTP/[FQDN of BC Server].

    Tip

    Use the setspn command to check the SPNs of a user account.

    service account

  2. Grant access rights to the installation folder of Board Connector and all sub folders to the service account as shown in the following screenshot:
    service account permissions

  3. If applicable, make sure the service account has Read access to the private key of the X.509 certificate used by Board Connector.
    service account private key 1 service account private key 2
  4. Let the Board Connector service run under the service account. Make sure to use the correct domain, e.g., .company.local instead of .company.com.
    service account services
  5. In the Board Connector Designer startup window "Connect to Board Connector Server", set Authentication to Windows credentials or Custom Credentials (Kerberos authentication).
    service account login
  6. Enter the User Principal Name (UPN) of the service account in the Target Principal field. For more information, see Knowledge Base Article: Target Principal Field.

Settings for SSO with Kerberos SNC

When using SSO with Kerberos SNC additional steps are necessary:

  1. Set constrained delegation for the Windows domain account under which the Board Connector Service runs.
    service_account_constr_deleg
  2. Enter the SPN of the service account under which the SAP ABAP application server is running (SAP Service Account), e.g., SAPServiceERP/do_not_care.
    For more information about the partner name notation in SAP, see the SAP Help: Preparing the Primary Application Server Instance.


Last update: August 9, 2024