cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Authentication Service with MFA

Go to solution
nerevar
Participant

on ‎07-01-2021 10:12 AM

0 Kudos

Hello

Context: I have a BTP subaccount using a SAP Authentication Service tenant to maintain user access to our custom applications. We need to send a validation code at the first connection of the users to confirm their phone number.

I saw there is a configuration menu in the IAS tenant to use an MFA service (with sms validation code)


I learned SAP sold his MFA solution to Synch. But is it possible to use another service for MFA and sending SMS ? If so how can I do that? is there a standard for MFA Api that will be compatible with the built-in configuration interface?

Thanks for your help.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

istvanbokor
Advisor
Advisor
‎07-02-2021 11:56 AM

Hello nerevar,

Currently, only Sinch Authentication 365 is supported as MFS using SMS via Identity Autehntication.

Best regards,
Istvan

Show replies
Show replies
nerevar
Participant
‎07-02-2021 12:24 PM
0 Kudos

thanks. Any chance that SAP will offer more possibilities on that matter later on?

Answers (2)

Answers (2)

D_Olderdissen
Advisor
Advisor
‎07-05-2021 5:15 PM

Hi Maxime,

you could revisit your requirement of validating the phone number to maybe validate the email address? Or you consider rolling out a OTP generator - also supported - but that would kind of enforce a 2FA for every login. This might then be used with oAuth to extend the session validation and avoid constant OTP code entry.

With a bit of reengineering, you might want to point the outbound IAS SMS to a middle ware service. I do believe, this outbound call is some kind of REST call or the like - nothing fancy at least. Point it to your own service and translate it into a call to your SMS service of your choice. It is not elegant, require some work, but I guess it won`t get much better at the moment I guess.

Or you naturally can sign up with our ex-colleagues at SINCH.

Cheers,
Dirk

Show replies
Show replies
nerevar
Participant
‎07-05-2021 5:30 PM
0 Kudos

Hello,

I had thought about that but I was worried that the "hack" of putting a middleware as a proxy to the existing interface with Synch and redirecting to another service might not work, or at least be a bit to much of engineering. If there is nothing fancy there then I might reconsider this solution also.

Thanks for the input.

D_Olderdissen
Advisor
Advisor
‎07-05-2021 5:46 PM
0 Kudos

nerevar You are spot on - such a proxy would be kind of a hack, it introduces more moving parts that can fail and might even add more security risk surface. As this SMS verification is intended to make things more secure, you should at least consider reaching out to the SINCH people, get a price indication and have your management do that make or buy decision. 😄

Show replies
Show replies
nerevar
Participant
‎07-05-2021 5:49 PM
0 Kudos

Yes we are actually in contact with synch, hopefully we can go with that solution.

Ask a Question