Identity Authentication is a fully browser-based web application, with all access over HTTPS. Every page of the Identity Authentication application is currently delivered via Transport Layer Security (TLS), so access to Identity Authentication is encrypted in transit over HTTPS using 256-bit TLS encryption.
Identity Authentication does not store plain-text passwords in the database, only their iterated, random-salted secure hash values. The random salt is at least 512 bits long and differs for each password. Only generic hash functions with a minimum key length of 512 bits are used. No default passwords are delivered, used, or accepted anywhere.
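The scheme described above (iterated hash, per-password random salt of at least 512 bits, no plain-text storage) is what the following added example implements. It is illustration written for this page, not Identity Authentication's own code; the choice of PBKDF2 over SHA-512, the iteration count and the record format are assumptions made here.

```python
import hashlib
import hmac
import os
from typing import List, Optional

# Illustrative parameters (assumptions, not Identity Authentication's actual settings):
# a 64-byte (512-bit) per-password random salt, PBKDF2 over SHA-512, and an
# iteration count high enough to make offline guessing expensive.
SALT_BYTES = 64
HASH_NAME = "sha512"
ITERATIONS = 210_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: 'pbkdf2_sha512$<iterations>$<salt hex>$<hash hex>'.

    The salt is drawn fresh from the OS CSPRNG for every call, so two users with
    the same password never share a stored hash value.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    if len(salt) < SALT_BYTES:
        raise ValueError("salt must be at least 512 bits")
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != f"pbkdf2_{HASH_NAME}":
        return False
    salt = bytes.fromhex(salt_hex)
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, int(iterations))
    # hmac.compare_digest avoids leaking the position of the first mismatching byte.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def salts_are_unique(records: List[str]) -> bool:
    """Audit helper: every stored record must carry its own salt."""
    salts = [r.split("$")[2] for r in records]
    return len(salts) == len(set(salts))


if __name__ == "__main__":
    # Constructed sample: the same password registered twice yields two different records.
    first = hash_password("correct horse battery staple")
    second = hash_password("correct horse battery staple")
    print(first != second, verify_password("correct horse battery staple", first),
          verify_password("not the password", first))
```

Storing the iteration count inside the record lets the cost be raised later without breaking verification of older hashes; records below the current minimum can be rehashed transparently on the user's next successful login.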
Identity Authentication can also use passwords from on-premise systems for user authentication. These passwords are not stored by Identity Authentication; it sends the user ID and password to the on-premise system for authentication over a Transport Layer Security (TLS) connection. How these passwords are managed depends on the integrated on-premise system that holds them, for example, Microsoft Active Directory.
Identity Authentication supports three levels of password security. You should use the highest level of security that matches the requirements of your application. The passwords are managed based on password policy rules. For more information, see Configuring Password Policies.
Session cookies in Identity Authentication are protected with Transport Layer Security (TLS) and with the Secure and HttpOnly attributes. No additional configuration of Identity Authentication is needed for this.
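A tenant administrator verifying the statement above would inspect the Set-Cookie headers an application returns. The following added example (written for this page, not part of Identity Authentication) parses Set-Cookie headers and reports any cookie that lacks the Secure or HttpOnly attribute; the header values it runs on are constructed samples.

```python
from typing import Dict, List, Tuple

# Constructed sample response headers. Only the second cookie is missing protections.
SAMPLE_HEADERS: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=None"),
    ("Set-Cookie", "legacy_pref=blue; Path=/"),
    ("Strict-Transport-Security", "max-age=31536000"),
]


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split 'name=value; Attr; Attr=val' into name, value and a lower-cased attribute map.

    Flag attributes (Secure, HttpOnly) map to True; valued attributes keep their value.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value.strip(), "attributes": attrs}


def missing_protections(header: str) -> List[str]:
    """Return the names of the required attributes a Set-Cookie header does not carry."""
    attrs = parse_set_cookie(header)["attributes"]
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    return missing


def audit_cookies(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each cookie name to its missing attributes; an empty dict means all cookies pass."""
    findings: Dict[str, List[str]] = {}
    for key, val in headers:
        if key.lower() != "set-cookie":
            continue
        gaps = missing_protections(val)
        if gaps:
            findings[str(parse_set_cookie(val)["name"])] = gaps
    return findings


if __name__ == "__main__":
    for cookie, gaps in audit_cookies(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(gaps)}")
```

In practice the header list would come from `http.client` or `requests` responses for the login flow; Secure ensures the browser only sends the cookie over TLS, and HttpOnly keeps it out of reach of page scripts.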
Identity Authentication is set up in a fenced network, separated from the SAP internal network.
Customer applications run in a shared environment in which each customer's business data is isolated from the others', while the SAP BTP services use a shared SAP BTP infrastructure. Internal traffic is controlled by firewalls. SAP administrative access is done via a terminal service that requires strong authentication.
All communication channels are protected with TLS, and you should configure the cloud application to use TLS and to check the SAML 2.0 signature.
Data storage security is about how Identity Authentication protects its own database. Data storage security is ensured by the isolated tenant that each customer receives. Only tenant-specific requests can access the tenant's database. These requests are performed by a tenant service, which works with a dependency injection framework and makes sure that all the services, for example, the persistence service and the mail service, are injected with the instances dedicated to the given tenant.
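The tenant-scoped injection pattern described above can be illustrated with a small container: a tenant service resolves one persistence instance and one mail instance per tenant, and request handlers only ever receive the instances dedicated to the requesting tenant. This is an added example written for this page and is not Identity Authentication's implementation; the service and request shapes are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


class TenantIsolationError(Exception):
    """Raised when a service is asked to act for a tenant other than its own."""


@dataclass
class PersistenceService:
    tenant_id: str
    rows: Dict[str, dict] = field(default_factory=dict)

    def save_user(self, tenant_id: str, user_id: str, record: dict) -> None:
        self._guard(tenant_id)
        self.rows[user_id] = record

    def get_user(self, tenant_id: str, user_id: str) -> Optional[dict]:
        self._guard(tenant_id)
        return self.rows.get(user_id)

    def _guard(self, tenant_id: str) -> None:
        # Defence in depth: even a mis-wired caller cannot read another tenant's rows.
        if tenant_id != self.tenant_id:
            raise TenantIsolationError(f"{tenant_id} may not use store of {self.tenant_id}")


@dataclass
class MailService:
    tenant_id: str
    outbox: List[Tuple[str, str, str]] = field(default_factory=list)

    def send(self, to: str, subject: str) -> None:
        self.outbox.append((self.tenant_id, to, subject))


class TenantService:
    """Toy dependency-injection container: one dedicated set of services per tenant."""

    def __init__(self) -> None:
        self._containers: Dict[str, Dict[str, object]] = {}

    def services_for(self, tenant_id: str) -> Dict[str, object]:
        if tenant_id not in self._containers:
            self._containers[tenant_id] = {
                "persistence": PersistenceService(tenant_id),
                "mail": MailService(tenant_id),
            }
        return self._containers[tenant_id]


def register_user(tenant_service: TenantService, request: dict) -> bool:
    """Handle a constructed request {'tenant': ..., 'user': ..., 'email': ...}.

    The handler never chooses a store itself; it is handed the tenant's instances.
    """
    tenant = request["tenant"]
    svc = tenant_service.services_for(tenant)
    store: PersistenceService = svc["persistence"]  # type: ignore[assignment]
    mail: MailService = svc["mail"]  # type: ignore[assignment]
    store.save_user(tenant, request["user"], {"email": request["email"]})
    mail.send(request["email"], "Welcome")
    return True


def lookup_user(tenant_service: TenantService, tenant: str, user_id: str) -> Optional[dict]:
    store: PersistenceService = tenant_service.services_for(tenant)["persistence"]  # type: ignore[assignment]
    return store.get_user(tenant, user_id)


if __name__ == "__main__":
    ts = TenantService()
    register_user(ts, {"tenant": "acme", "user": "alice", "email": "alice@example.test"})
    print(lookup_user(ts, "acme", "alice"), lookup_user(ts, "globex", "alice"))
```

The same user ID registered in two tenants lands in two separate stores, and a lookup from the wrong tenant sees nothing rather than another customer's record.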
You can download a CSV file with a history of operations performed by administrators. For more information, see Export Change Logs with a History of Administration Operations.
You can retrieve the statistics on the number of user logon requests per month. This number is counted on every single authentication managed via Identity Authentication. For more information, see View Usage Statistics.
(Predefined) Use this option to set enhanced password management features. It is stronger than the standard policy but weaker than the custom one.
(Configurable) Use this option to set the strongest password management features for the password policy.
This option is only possible if you have configured a custom password policy in the administration console for Identity Authentication. For more information, see Configure Custom Password Policy.
Depending on the configuration of the application, you can be asked to provide a time-based one-time passcode (TOTP) generated on a mobile device, a passcode sent via SMS, or a PIN security key. You can choose one of the enabled second-factor authentication methods or press the button to enable a new method.
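To show what the server side of the TOTP option above checks, here is an added example of RFC 6238 verification with a small clock-skew window and replay protection. It is written for this page, not taken from Identity Authentication; the secret is the RFC 6238 test key, and the window size and the choice to track the last accepted time step are assumptions.

```python
import hmac
import hashlib
import struct
from typing import Optional, Tuple

# RFC 6238 reference test secret (ASCII "12345678901234567890"); a real deployment
# generates a random per-user secret at enrolment.
TEST_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the big-endian counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = STEP_SECONDS, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret: bytes, candidate: str, unix_time: float,
                last_accepted: Optional[int] = None, window: int = 1,
                step: int = STEP_SECONDS) -> Tuple[bool, Optional[int]]:
    """Accept a code from the current step or +/- `window` steps, never a step already used.

    Returns (accepted, new_last_accepted). The caller persists the second value per user so
    that a captured code cannot be replayed inside the acceptance window.
    """
    current = int(unix_time) // step
    for counter in range(current - window, current + window + 1):
        if last_accepted is not None and counter <= last_accepted:
            continue
        if hmac.compare_digest(hotp(secret, counter), candidate):
            return True, counter
    return False, last_accepted


if __name__ == "__main__":
    print(totp(TEST_SECRET, 59))                      # RFC 6238 vector at T=59
    print(verify_totp(TEST_SECRET, totp(TEST_SECRET, 59), 59))
```

The lookups run for every counter in the window rather than stopping early, and the comparison uses `hmac.compare_digest`, so the verification time does not depend on which digit first differs.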