SAP SuccessFactors Two-Factor Authentication (TOTP) for Password user’s integration via SAP Cloud Platform Identity Authentication (IAS) with Microsoft Authenticator App and Technical Step by Step guide

Introduction

In this blog post I have shared my experience about how to perform the SAP SuccessFactors Two-Factor Authentication (TOTP) for Password user’s integration via SAP Cloud Platform Identity Authentication (IAS) with Microsoft Authenticator App. Please find the below example where have selected the Microsoft Authenticator.

Two-Factor Authentication (TOTP) is a process where a user is prompted during the sign-in process with password for an additional form of identification. The Microsoft Authenticator application displays the time-based, one-time passwords (TOTP) helps to safeguard access to data and applications of the target system while maintaining password login users. It acts as an extra layer of security check to verify a user’s identity by requiring a second form of authentication. You can also use other authenticators such as SAP or Google Authenticator.

The users need to access SuccessFactors via the web application and need to enter correct username and password. As a second step, they are asked to enter a passcode, and then the authentication to the application will be successful.

First Step:

• User tries to access SuccessFactors via the web application.
• SuccessFactors checks if user is authenticated within the system and redirects the request to SAP IAS.
• SAP IAS requests the user to provide a user identifier in the login screen.

Second Step:

• First time login user needs to download and install the Microsoft Authenticator app.

Download and install the app

• Install the latest version of the Microsoft Authenticator app, based on your operating system:
• Google Android. On your Android device, go to Google Play to download and install the Microsoft Authenticator app.
• Apple iOS. On your Apple iOS device, go to the App Store to download and install the Microsoft Authenticator app.

Sign in with a QR code

• Add an account by scanning a QR Code
• Open the Microsoft Authenticator app, select the plus icon Select the plus icon on either iOS or Android devices and select Add account, and then select Work or school account, followed by Scan a QR Code. If you don’t have an account set up in the Authenticator app, you’ll see a large blue button that says Add account.

• If the user has a device already registered to generate passcodes for the two-factor authentication, she or he just has to enter the passcode from the mobile device, and will log on to the application.

Successful authentication to the application.

Technical Step by Step Procedure:

1. Login IAS with your administrator’s credentials.
2. Once you enter the Administration Console of Identity Authentication service, in the left menu, go to “Applications and Resources” -> “Applications”
3. Choose your application from the list of applications on the left side.
4. Navigate to the “Authentication and Access“tab
5. Choose “Risk-Based Authentication”

• Create a group for password users or External users.

Example: PWD_USERS

• Add a rule for “Two-Factor Authentication” and assign the “PWD_USERS” group click “Save”.

6. Assign password users to “PWD_USERS” group.

Conclusion

Now SAP SuccessFactors Two-Factor Authentication (TOTP) for Password user’s integration via SAP Cloud Platform Identity Authentication (IAS) with Microsoft Authenticator App is completed. We should first implement it in a non-prod system and perform tests before deploying it in Production system.

Hope this information is helpful !

Thank you for taking the time to read and leave your comments below!