on 02-24-2016 12:17 PM
Is there any way to add a two factors authentication to Successfactors?
If Yes, is there any implementation guide for this explaining the desired configures in provisioning?
Thanks And regards
Reem Amr Khairy
Hello Reem,
There are two products from SAP that offer two-factor authentication for SAP and non-SAP applications like SuccessFactors that are SAML Service Providers.
The first product is the SAP Single Sign-On (supports TOTP, RSA, SMS, e-mail) and the second one is our SaaS solution SAP Cloud Identity (supports TOTP).
When you decide to use the SAP Single Sign-On product capabilities you have to implement the on premise SAML IDP, to configure the SAML trust between our SAML IDP and the SuccessFactors SAML SP. The on premise SAML IDP needs to be configured to use the TOTPLoginModule, here is one guide that describes how to use the TOTPLoginModule for two-factor authentication: Simple Configuration Example for Implementing Two-Factor Authentication (2FA)
You can use as two-factor authentication not only TOTP passcodes but you can configure also RSA codes or even to send the code as an SMS to users who's mobile devices are not smart phones. This solution could be combined with risk-based authentication capabilities and you can decide when to ask the user for the 2FA passcode (for example when the user is coming from an external IP adress)
The same solution is available also with SAP Cloud Identity(SCI). Once you subscribe for the service and configure the trust between the SCI (SAML IDP) and the SuccessFactors (SAML SP), you can simply enable two-factor authentication for all authentications or for certain users and IP ranges. See some details here:SAP Cloud Identity Service
I hope this is helpful.
Regards,
Donka Dimitrova
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Donka,
That was very helpful actually.
let me check something with you, is there any detailed guide to enabling " the SuccessFactors (SAML SP)" in the SuccessFactors provisioning? as i can't find one specific guide to the provisioning thing including the actual steps and so, could you help with this?
and should i use the "SAML v2 SSO" ?
Thank you so much your help is much appreciated.
Regards
Reem Amr Khairy
Hello Reem,
Here in this guide (chapter 2.3) you will find info how to configure SAML trust on the SuccessFactors side:
Chapter 2.2 is how to configure SuccessFactors as a trusted SP for our SAP SAML Identity Provider (running on AS JAVA) coming with the SAP Single Sign-On product.
Regards,
Donka Dimitrova
Hello donka.dimitrova and colt
My QR code for an account was set on the phone which is dead now. When I login to Onboarding Super Admin its asking me passcode also when I login to account.sap.com I am unable to deactivate TOTP as its asking for Passcode.
Please advice
Regards,
Varsha Naik
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.