SAP Knowledge Base Article - Preview

3743733 - Concern about _admin usage

Symptom

This article clarifies the correct usage of _admin credentials in SAP Customer Data Cloud (CDC) and explicitly explains why they must never be used, stored, or exposed in customer-facing authentication flows, including mobile applications and biometric login implementations.

It also addresses common misconceptions where biometric authentication (e.g. fingerprint / Face ID) is incorrectly assumed to justify or secure the use of privileged credentials.


Environment

  • SAP Customer Data Cloud (CDC)
  • CDC Admin Console / Admin API
  • CDC Mobile SDK (iOS / Android / React Native plugin)
  • React Native applications using SAP gigya-react-native-plugin
  • Authentication flows involving sessionToken, OTP, or accounts APIs
  • Mobile applications implementing biometric authentication (Face ID / Fingerprint)

Product

SAP Customer Data Cloud all versions

Keywords

SAP Customer Data Cloud, CDC, Gigya, Mobile SDK, React Native SDK, gigya-react-native-plugin, _admin credentials, admin API misuse, accounts.login, accounts.otp, OTP authentication, sessionToken, session management, authentication flow, biometric login, fingerprint login, Face ID login, passwordless login, mobile authentication, secure storage, Keychain, Keystore, backend authentication, identity architecture, privilege escalation, security best practices, SSO, OIDC, OAuth, Professional Services, authentication design, session hijacking risk, admin credentials exposure, API security, CDC mobile app integration, user authentication flow, CDC security model, KBA, CEC-PRO-SYS, System (Network, Performance, SMTP, Rate Limits, Latency), Problem

About this page

This is a preview of an SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
