Security and Compliance Discussions
Security & compliance of business operations are critical in this age of rising cyber threats, increasing compliance regulations, and rapid technological change. SAP customers, partners and SAP employees put great effort in to meet those risks and work towards effective security outcomes and cyber resilient systems. We benefit from each others' challenges and successes to protect the business processes and services we all depend on. Join us here to discuss the security and compliance of SAP software and cloud services, as well as secure development, deployment, and operational practices, whether on-premise or cloud.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Multifactor authentication at GRC End user logon page

Y3Phad
Explorer

‎2024 Jul 10 3:29 PM

0 Kudos
1,025

Hello Everyone,

I would like to know if below has been achieved and developed successfully.

I have requirement to enable Multifactor authentication (MFA) when a guest user logs in to End user logon page in GRC Access Control to request access for SAP system.

Can we enable MFA using On-premise AD ? 

SAP Access Control for SAP S/4HANA SAP Single Sign-On #multifactor authentication

Regards,

Yatin Phad

SAP Access Control for SAP S/4HANA
SAP Access Control for SAP S/4HANA
SAP Access Control
SAP Single Sign-On
SAP Single Sign-On
SAP Single Sign-On
3 REPLIES 3
Read only

MichaelHealy779
Participant

‎2024 Jul 11 2:38 PM

0 Kudos
950

I am not 100% sure that On Prem supports conditional access policies with 2FA, Azure AD certainly does and this would be easily done using AAD. I know SAP IAS supports this type of config too, but I don't know if you have these at your disposal? 

Read only

Y3Phad
Explorer
In response to MichaelHealy779

‎2024 Jul 11 2:42 PM

0 Kudos
925

Yes, I have proposed another design using Azure AD and SAP Cloud IAS but that will be an additional overhead of maintenance. Hence was checking if the popular End user logon page has been enhanced to cater needs of cyber security policies.

Read only

MichaelHealy779
Participant
In response to Y3Phad

‎2024 Jul 11 3:05 PM

0 Kudos
904

I misread your initial post, your description of “guest” is throwing me. I am guessing you are not referring to two different types of users here? Either way though my answer still stands, On Prem AD is not very helpful unless you want to use DUO or some other third parties. If you are using IAS or AAD then you have a huge amount of different ways to achieve this, we recently implemented 2FA and MFA with Okta and SAP, works nicely.