Reset the login data in the Jam App for 2FA

Hello experts,

Is there a possibility to automatically reset/delete the login data when closing the Jam App? Can I make this setting as Jam admin somewhere?

Following scenario: We want to use two-factor authentication (2FA) in our company for access to SAP Jam from outside the company network. But in the Jam App on the mobile device the login data is saved, so I am not asked for a second factor (one-time password, OTP) if I am using the Jam App outside the company network and have previously used it inside the company network... That's not ideal.

Note: The user provisioning is through SCP IAS.

Does someone have ideas on how to solve this issue, or is there a setting so that I can delete the login data in the Jam App every time the app is closed?

Thank you very much in advance for your help!

Best regards,

Deborah

2 Answers

  • Best Answer
    Nov 29, 2017 at 02:18 PM

    I can assure you that the app technically doesn't save any credentials! After successful initial authorization through your IdP (such as IAS) it authorizes the user using OAuth bearer tokens. So no username or password is stored anywhere in the app.

    This authorization is independent from whether you are using your mobile phone within your corporate network or outside of it. It has nothing to do with your network.

    I'm not so sure about 2FA. I think that would only be possible for the initial authorization via configuration for IAS. But you can require an app passcode. That would be an additional security mechanism. See here: https://help.sap.com/viewer/u_admin_help/4a537816b03747e985d34c6e771baab6.html

    • For the initial authorization of the mobile app you have to do a 2FA when authenticating on your IdP (= IAS).

      But afterwards there's no additional 2FA required anymore. That is standard behavior at the moment, yes.

      As Karl mentioned we would be interested to learn more about your concerns when accessing SAP Jam from outside your corporate network.

  • Former Member
    Nov 30, 2017 at 12:44 AM

    Hi Deborah,

    As Christian mentioned in his comment above, credentials are never saved. As with most mobile apps on the market, consumer or business, the SAP Jam app adopts an authenticate-and-activate approach, as entering detailed credentials on a mobile device on every access does not lend itself well to a mobile usage model. Instead of authenticating the user every time, we protect sensitive information from unauthorized access via an administrator-enforceable app passcode/password/fingerprint scan.

    I am very interested in the underlying security concerns. What are the concerns over accessing the SAP Jam mobile app outside the corporate network? Having to use 2FA to log in with every session, would users actually use the mobile app? Perhaps there are security concerns over accessing SAP Jam outside of the company network that I can address?

    Thanks, Karl
