The Mobile Single Sign-On solution for Cloud Applications is available with the latest version of SAP Single Sign-On 2.0, SP04.
The Mobile SSO solution is based on the Time-based One-Time Password (TOTP) algorithm of the open standard RFC 6238. This algorithm computes a one-time passcode from a shared secret key and the current time. The server side of the TOTP implementation is an add-on module for SAP NetWeaver Application Server (AS) Java and is part of the SAP Single Sign-On 2.0 product. SAP Authenticator is the mobile application that acts as the TOTP client and is available for the iOS and Android platforms.
How Mobile Single Sign-On for Cloud Applications Works:
Once the solution is implemented, mobile users will be able to use cloud applications on their devices after a single click on a bookmark.
When the user clicks the respective cloud application bookmark, SAP Authenticator generates a passcode and creates a URL, adding the username and the passcode to it. SAP Authenticator sends this URL to the browser, and the browser then opens the URL that leads to the cloud application.
The cloud application sends the username and the passcode for verification to the on-premise AS Java system via the SAP HANA Cloud Connector. The verification of credentials is performed by the AS Java system and the user profile information is retrieved from the corporate LDAP.
When the verification of credentials is successful, the authentication result and the user profile information are sent back to the cloud application and the application is securely opened on the mobile device.
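The passcode computation and the server-side check described above, as an added example that is not SAP's implementation: it follows RFC 6238 with HMAC-SHA1 and shows why the verifier should accept each passcode only once, since the passcode travels in a URL. The 30-second step, 6 digits, the one-step drift window and the names totp and Verifier are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default; assumed here)
DIGITS = 6   # passcode length (assumed)
WINDOW = 1   # accepted clock drift, in steps either side (assumed)


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then
    RFC 4226 dynamic truncation to a decimal passcode."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical server-side check: drift window plus one-time use."""

    def __init__(self, secrets: dict):
        self.secrets = secrets   # username -> shared secret key
        self.last_step = {}      # username -> last accepted time step

    def verify(self, user: str, passcode: str, now: int) -> bool:
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = now // STEP
        matched = None
        for step in range(max(0, current - WINDOW), current + WINDOW + 1):
            expected = totp(secret, step * STEP)
            # Constant-time comparison; every step in the window is checked.
            if hmac.compare_digest(expected.encode(), passcode.encode()):
                matched = step
        if matched is None:
            return False
        # A passcode carried in a URL can end up in history or logs, so a
        # time step that was already accepted is never accepted again.
        if matched <= self.last_step.get(user, -1):
            return False
        self.last_step[user] = matched
        return True
```
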
For more details about the solution and a step-by-step guide on how to enable mobile single sign-on for Cloud Applications using the One-Time Password authentication mechanism, see: