
TOTP, or Time-based One-time Passwords, is a way to generate short-lived authentication tokens commonly used for two-factor authentication (2FA). The algorithm for TOTP is defined in RFC 6238, which means that the open standard can be implemented in a compatible way in multiple applications.
How does TOTP work?
Inputs to the TOTP algorithm include a secret key and your system time. Those get put through a one-way function that creates a truncated, readable token. Because the inputs are available offline, the whole method works offline. This is a great option for users who may have unstable cellular connections for receiving SMS 2FA or for users who want a more secure channel than SMS 2FA.
What is Multi-Factor Authentication (MFA)?
When a system needs to authenticate that you are who you say you are, it can use a variety of factors, or pieces of information, to verify your identity. Many systems just use one factor, like a single password.
Why Use MFA?
Basically, the strength of multi-factor auth is that it gives you an extra layer of security on top of passwords. More generally, MFA protects you when one of your factors is compromised.
How to implement TOTP 2FA in your application
Follow the steps below to configure TOTP in your IAS tenant. This activity is performed by an administrator.

Add the below rule to Risk-Based Authentication.

The configuration is now complete. Next, let's install the mobile app (Android or iOS) for TOTP.

I would prefer installing the SAP Authenticator app on your mobile device for 2FA.
And there are plenty of TOTP apps that customers can choose for themselves!
Once it is installed, let's try to log in to your SAP Commissions tenant. The first time, you will be redirected to the 2FA (two-factor authentication) page.
We recommend scanning a QR code, but you can also enter the key manually. This is how the account and the authenticator app sync the secret key.
- Use the scanner on your mobile device to scan the QR code.
- Tap Done on your mobile device.
- Enter the passcode generated by the SAP Authenticator app into the Passcode field provided on the IAS profile page as below.
- Press Activate.

Let's try to log in again (you will see your own login page with single sign-on enabled).

Here's a look at how the IAS application prompts a user to enter the passcode.
Open your SAP Authenticator app, or the authenticator app you configured in the step above, and enter the time-based passcode shown in the app.

Now I am successfully logged in to the SAP Commissions home page through single sign-on (SSO) with 2FA.

As shown below, the admin can see the security logs, which show the authentication mechanism type used for each user.


Reference
Activate a Device for TOTP Two-Factor Authentication (Help Portal): https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/ab8a3237cd424a0c97b921100d2...
yoganandamuthaiah | Twitter | LinkedIn | GitHub