
MFA setup for SAP PO/PI risks

ramu_g4
Participant

Hi Experts,

We are planning to implement Multi-Factor Authentication (MFA) for logging into our SAP PO/PI systems. We have around 230+ partner systems connected to our SAP backend via SAP PO/PI. Could you please let me know if there are any risks associated with this, particularly regarding potential impacts on connectivity with these partner systems?

Regards, 

Ramu. 

Accepted Solutions (0)

Answers (1)


helmut_skolaut3
Contributor

Hi Ramu,

In my security understanding, MFA is nowadays state of the art if you have websites for user interaction that can be reached in the cloud (e.g. cloud integration). As I assume your PI/PO system is hosted on premise and the monitoring and admin URLs are only reached if you are connected via VPN, you have already reached the 1st factor (you have VPN credentials), so basic authentication on PI/PO is okay. However, it can easily be connected via SSO so that you use your Active Directory certificate, which gives extra security.

When talking about integrated services: if they are from outside, you need a reverse proxy or API-M somewhere. If you already have Integration Suite, I would recommend using API-M to make all security checks. Otherwise, install a reverse proxy, but also include a WAF (web application firewall) that checks and filters unwanted requests.

BR Helmut