SAP Commissions – Enable TOTP(2MFA) from IAS
TOTP, or Time-based One-time Password, is a way to generate short-lived authentication codes, commonly used as the second factor in two-factor authentication (2FA). The algorithm is defined in RFC 6238, an open standard, so compatible implementations exist across many applications and authenticator apps.
How does TOTP work?
The inputs to the TOTP algorithm are a shared secret key and the current system time (divided into fixed time steps). These are fed through a one-way function (an HMAC) whose output is truncated to a short, human-readable code. Because both inputs are available on the device itself, the whole method works offline. This makes it a good option for users who may have unstable cellular connections for receiving SMS 2FA codes, or for users who want a more secure channel than SMS 2FA.
What is Multi-Factor Authentication (MFA)?
When a system needs to authenticate that you are who you say you are, it can use a variety of factors, or pieces of information, to verify your identity. Many systems just use one factor, like a single password.
Why Use MFA?
The strength of multi-factor authentication is that it adds an extra layer of security on top of the password. More generally, MFA still protects you when one of your factors has been compromised.
How to implement TOTP 2FA in your application
Follow the steps below to configure TOTP in your IAS tenant. This activity is performed by an administrator.
Add the rule below to Risk-Based Authentication.
With the configuration complete, the next step is to install a mobile app (Android or iOS) for TOTP.
I would prefer the SAP Authenticator app to be installed on your mobile device for 2FA.
There are plenty of other TOTP apps that customers can choose for themselves.
Once the app is installed, try to log in to your SAP Commissions tenant. On the first login you will be redirected to the 2FA (two-factor authentication) page.
We recommend scanning a QR code, but you can also enter the key manually. This is how the account and the authenticator app sync the secret key.
- Use the scanner on your mobile device to scan the QR code.
- Tap Done on your mobile device.
- Enter the passcode generated by the SAP Authenticator app into the Passcode field on the IAS profile page, as shown below.
- Press Activate.
Now log in again (you will see your own login page with Single Sign-On enabled).
Here is how the IAS application prompts a user to enter the passcode.
Open the SAP Authenticator app (or whichever authenticator app you configured in the step above) and enter the time-based passcode currently shown in the app.
Now I am successfully logged in to the SAP Commissions home page through Single Sign-On (SSO) with 2FA.
As shown below, an administrator can see in the security logs which authentication mechanism was used for each user.
Activate a Device for TOTP Two-Factor Authentication (Help Portal): https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/ab8a3237cd424a0c97b921100d263b8a.html
Thanks for reading to the end. 🙏
I hope you find this helpful! Let me know your thoughts in the comments section.
Hello Yogananda,
Thank you for the detailed blog on TOTP web authentication.
We have an existing SSO login followed by MFA (Microsoft) authentication in our company for SF and non-SF applications, and now we are configuring SAP IAS for the SF instance. So do we need to configure risk-based authentication again?
Any input on this scenario is highly appreciated.
Hi Ashok Kumar,
It's not required, since it's already taken care of by your identity provider.
If you still want to enable it on top of that, yes you can, but it would be more difficult for users to sign in and more complicated for authentication, although it would be tighter security.
Thank you Yogananda