0

Reset the login data in the Jam App for 2FA

Nov 28, 2017 at 03:51 PM

71


Hello experts,

Is there the possibility to automatically reset/delete the login data when closing the Jam App? Can I make this setting as Jam admin somewhere?

Following scenario: We want to use the two-factor-authentication (2FA) in our company for the access to SAP Jam from outside the company network. But in the Jam App on the mobile device the login data is saved and so I am not asked for a second factor (one-time-password OTP), if I am using the Jam App outside the company network and have previously used it inside the company network... That's not ideal.

Note: The user provisioning is through SCP IAS.

Does someone have ideas how to solve this issue or is there a setting that I can delete login data in the Jam App every time the app is closed?

Thank you very much for help in advance!

Best regards,

Deborah


Christian Happel do you know more in regard to this issue?

0

2 Answers

Best Answer
Christian Happel
Nov 29, 2017 at 02:18 PM
1

I can assure you that the app technically doesn't save any credentials! After successful initial authorization through your IdP (such as IAS) it authorizes the user using OAuth bearer tokens. So no username or password is stored anywhere in the app.

This authorization is independent from whether you are using your mobile phone within your corporate network or outside of it. It has nothing to do with your network.

I'm not so sure about 2FA. I think that would only be possible for the initial authorization via configuration for IAS. But you can require an app passcode. That would be an additional security mechanism. See here: https://help.sap.com/viewer/u_admin_help/4a537816b03747e985d34c6e771baab6.html


Hi Christian,

I would assume that if the 2FA is configured for the overall application Jam in SCP IAS, I have to enter the second factor (the OTP) every time I log in to Jam, regardless of whether it's via the PC or the mobile device...

But is the behaviour I described above the standard? I can just use a password or fingerprint for the app, and the standard is that 2FA is not obligatory for the mobile app or cannot be configured as obligatory?

Best, Deborah

0

For the initial authorization of the mobile app you have to do a 2FA when authenticating on your IdP (= IAS).

But afterwards there's no additional 2FA required anymore. That is standard behavior at the moment, yes.

As Karl mentioned we would be interested to learn more about your concerns when accessing SAP Jam from outside your corporate network.

0
Former Member
Nov 30, 2017 at 12:44 AM
2

Hi Deborah,

As Christian mentioned in his comment above, credentials are never saved. As with most mobile apps on the market, consumer or business, the SAP Jam app adopts an authenticate and activate approach, as entering detailed credentials on a mobile device on every access does not lend itself well to a mobile usage model. Instead of authenticating the user every time, we protect sensitive information from unauthorized access via an administrator enforceable app passcode/password/fingerprint scan.

I am very interested in the underlying security concerns. What are the concerns over accessing SAP Jam mobile app outside the corporate network? Having to use 2FA to log in with every session, would users actually use the mobile app? Perhaps there are security concerns over accessing SAP Jam outside of company network that I can address?

Thanks, Karl


Hi Karl,

Our concerns are generally that if the smartphone is lost or unattended and there is no app password used (a lot of our users perhaps use the Jam app without a password), then a third person has direct access to our system...

But then we will enforce that an app password is used...

Best regards, Deborah

0

For iOS also fingerprint authentication is possible. So it's super easy to unlock your app which is secured with a passcode.

Together with a passcode on your phone you then have 2 authentications for the SAP Jam.

0