TOTP, or Time-based One-time Passwords, is a way to generate short-lived authentication tokens commonly used for two-factor authentication (2FA). The TOTP algorithm is defined in RFC 6238, an open standard, so it can be implemented in a compatible way across multiple applications.
How does TOTP work?
The inputs to the TOTP algorithm are a shared secret key and the current system time. They are put through a one-way function (an HMAC) whose output is truncated into a short, human-readable token. Because both inputs are available offline, the whole method works offline. This makes it a good option for users with unstable cellular connections who cannot reliably receive SMS 2FA, and for users who want a more secure channel than SMS.
What is Multi-Factor Authentication (MFA)?
When a system needs to authenticate that you are who you say you are, it can use a variety of factors, or pieces of information, to verify your identity. Many systems just use one factor, like a single password.
Why Use MFA?
The strength of multi-factor authentication is that it adds an extra layer of security on top of passwords. More generally, MFA protects you when one of your factors is compromised.
How to implement TOTP 2FA in your application
Follow the steps below to configure TOTP in your IAS tenant. The following activity is performed by an administrator.
Add the rule below to Risk-Based Authentication.
Now that the configuration is complete, let's install the mobile app (Android or iOS) for TOTP.
I would prefer the SAP Authenticator app to be installed on your mobile device for 2FA.
There are also plenty of other TOTP apps that customers can choose for themselves.
Once the app is installed, try to log in to your SAP Commissions tenant. The first time, you will be redirected to the 2FA (Two-Factor Authentication) page.
We recommend scanning a QR code, but you can also enter the key manually. This is how the account and the authenticator app sync the secret key.
- Use the scanner on your mobile device to scan the QR code.
- Press Done on your mobile device.
- Enter the passcode generated by the SAP Authenticator app into the Passcode field provided on the IAS profile page, as shown below.
- Press Activate.
Try to log in again (you will see your own login page with Single Sign-On enabled).
Here's a look at how the IAS application prompts a user to enter the passcode.
Open the SAP Authenticator app, or whichever authenticator app you configured in the step above, and enter the time-based passcode currently shown in the app.
Now I am successfully logged in to the SAP Commissions home page through Single Sign-On (SSO) with 2FA.
As shown below, the administrator can see in the security logs which authentication mechanism each user used.
Activate a Device for TOTP Two-Factor Authentication (Help Portal):