cancel
Showing results for 
Search instead for 
Did you mean: 

Can SAP CDC generate passcode for TFA which can be sent via Twilio

swapnilpwr
Explorer
0 Kudos

Hi All,

Need help here.

We have a requirement where we need to generate passcode from SAP CDC for TFA and then it can be sent by Twilio for SMS.

Also is it possible to verify generated passcode in SAP CDC.

Please help on this if anyone has idea about this.

Thanks

kobico
Explorer
0 Kudos

Hi There,

SAP CDC has built-in integration with Twilio, where you just need to configure your Twilio credentials in CDC console and it will be automatically sent.

Accepted Solutions (0)

Answers (2)

Answers (2)

Hi Swapnil,

To the point of your follow-up question: "is it possible to generate passcode in SAP CDC". This is technically possible as the TFA flow works through the following API methods:

  1. accounts.tfa.initTFA REST
  2. accounts.tfa.phone.getRegisteredPhoneNumbers REST (optional, but strongly recommended for client-side flows)
  3. accounts.tfa.phone.sendVerificationCode REST
  4. accounts.tfa.phone.completeVerification REST
  5. accounts.tfa.finalizeTFA REST

In step 3, the response of this API when signed using server-side credentials will contain a "phvToken" parameter that contains the code that should have been generated and sent out to the end-user.

That said, I do want to take the opportunity to add a disclaimer that this approach is not that straightforward and I would strongly recommend engaging with SAP's expert/consulting services team if you wish to explore this further. There are quite a few caveats to this including that this doesn't preclude you from having to integrate an SMS provider - i.e. if no valid Twilio or LiveLink credentials are entered into the Gigya admin console the APIs will probably just respond with a persistent error. So there will need to be additional customization done here to activate the custom flow only for phone numbers that are unsupported by Twilio (e.g. using country code as a filter) so users' don't receive redundant SMS.

Additionally, from a product perspective Gigya already supports a secondary option for TFA using the Screen-Sets, which is through TOTP (e.g. Google Authenticator, Microsoft Authenticator, etc.) that would be much easier to integrate as a back-up option for users' who aren't able to receive SMS codes.

Thank you.

Best regards,
Joshua

swapnilpwr
Explorer
0 Kudos

Hi Kobi,

Thank you so much for inputs.

Yes we agree there is built in integration with Twilio. But we can see there is limitation in Twilio to sent SMS in some countries.

To handle that is it possible to generate passcode in SAP CDC.

Please help on this.