Need help here.
We have a requirement where we need to generate passcode from SAP CDC for TFA and then it can be sent by Twilio for SMS.
Also is it possible to verify generated passcode in SAP CDC.
Please help on this if anyone has idea about this.
To the point of your follow-up question: "is it possible to generate passcode in SAP CDC". This is technically possible as the TFA flow works through the following API methods:
In step 3, the response of this API when signed using server-side credentials will contain a "phvToken" parameter that contains the code that should have been generated and sent out to the end-user.
That said, I do want to take the opportunity to add a disclaimer that this approach is not that straightforward and I would strongly recommend engaging with SAP's expert/consulting services team if you wish to explore this further. There are quite a few caveats to this including that this doesn't preclude you from having to integrate an SMS provider - i.e. if no valid Twilio or LiveLink credentials are entered into the Gigya admin console the APIs will probably just respond with a persistent error. So there will need to be additional customization done here to activate the custom flow only for phone numbers that are unsupported by Twilio (e.g. using country code as a filter) so users' don't receive redundant SMS.
Additionally, from a product perspective Gigya already supports a secondary option for TFA using the Screen-Sets, which is through TOTP (e.g. Google Authenticator, Microsoft Authenticator, etc.) that would be much easier to integrate as a back-up option for users' who aren't able to receive SMS codes.