Security and Compliance Discussions
Security & compliance of business operations are critical in this age of rising cyber threats, increasing compliance regulations, and rapid technological change. SAP customers, partners and SAP employees put great effort in to meet those risks and work towards effective security outcomes and cyber resilient systems. We benefit from each others' challenges and successes to protect the business processes and services we all depend on. Join us here to discuss the security and compliance of SAP software and cloud services, as well as secure development, deployment, and operational practices, whether on-premise or cloud.
Showing results for 
Search instead for 
Did you mean: 

Multifactor authentication at GRC End user logon page

0 Kudos

Hello Everyone,

I would like to know if below has been achieved and developed successfully.

I have requirement to enable Multifactor authentication (MFA) when a guest user logs in to End user logon page in GRC Access Control to request access for SAP system.

Can we enable MFA using On-premise AD ? 

SAP Access Control for SAP S/4HANA SAP Single Sign-On #multifactor authentication


Yatin Phad


0 Kudos

I am not 100% sure that On Prem supports conditional access policies with 2FA, Azure AD certainly does and this would be easily done using AAD. I know SAP IAS supports this type of config too, but I don't know if you have these at your disposal? 

0 Kudos

Yes, I have proposed another design using Azure AD and SAP Cloud IAS but that will be an additional overhead of maintenance. Hence was checking if the popular End user logon page has been enhanced to cater needs of cyber security policies.

0 Kudos

I misread your initial post, your description of “guest” is throwing me. I am guessing you are not referring to two different types of users here? Either way though my answer still stands, On Prem AD is not very helpful unless you want to use DUO or some other third parties. If you are using IAS or AAD then you have a huge amount of different ways to achieve this, we recently implemented 2FA and MFA with Okta and SAP, works nicely.