on 01-06-2014 3:42 PM
Hi Experts,
is Multi-Factor Authentication (MFA) supported by NW SSO?
What i've read is the Secure Login Server has a SecureLoginModule20RADIUS module which can use to integrate with the RSA Server.
My query is
Thanks!
Dear Jiunn,
At the moment with SAP NetWeaver SSO 2.0 it is possible to configure user authentication verification against RADIUS server (RSA). This is one of the authentication mechanisms for Single Sing-on we support. When it is implemented, this authentication is used instead of the basic authentication with UserID and password (example 1. from your question).
With the current version of the SAP NetWeaver SSO 2.0 it is not possible to use the basic authentication (UserID/Pass) together with authentication against the RADIUS server like multi factor (example 2. from your question).
Currently we are in discussions about such capabilities (second factor authentication) and it will most probably become part of the SAP NetWeaver SSO product with one of the next releases.
Kind regards,
Donka Dimitrova
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Donka,
In your above reply you mentioned that "At the moment with SAP NetWeaver SSO 2.0 it is possible to configure user authentication verification against RADIUS server (RSA)." .
Does it mean that SAP NW SSO 2.0 support RADIUS server authentication for enabling 2FA only with RSA or it can support any 2FA which support Radius Server .
regards
gaurav
Hello Gaurav,
Yes, with our product SAP SSO we support 2FA with RADIUS server in general and not only the RSA.
We also support 2FA with Time based One Time Passwords (OTP) with the latest release - SAP SSO 2.0 SP03. This is a solution for customers who would like to enforce stronger authentication but do not want to implement and support full RADIUS server. Using this solution the employees could generate OTPs simply using their mobile phones. This solution is cheaper and requires almost no support. More details you will be able to find in this article:
Best regards,
Donka Dimitrova
Hi Donka Dimitrova,
you said, that there are plans to add two factor authentication.
We're interested in using exactlly that: Leave the first channel (UserID/Pass) like it is and add another one.
Thanks in advance!
Cheers
Hello Christian,
Yes, the SAP Single Sign-On product supports dual authentication and RSA (RADIUS) could be configured for the second authentication. In your case (because you want to keep the basic authentication for the first authentication phase) the behavior of the system will be the following: the user will be prompted first to provide his UserID&Password and if the password is correct then the user will be prompted to provide also a passcode (RSA). Here the user will have no chance to type another username, he will be able to type only a passcode and if the passcode is valid then the user will be authenticated successfully.
It is possible for example also to combine Kerberos (first authentication stage) & RSA/OTP/SMS (second authentication stage).
You can implement now such dual authentication also using X.509 client certificates issued by the Secure Login Server (not only with SAML) but you have to use the latest SP06 for SAP Single Sign-On 2.0 version.
See more detains in the implementation guide:
http://help.sap.com/download/sapsso/secure_login_impl_guide_en.pdf
If you have any further questions just let me know.
Regards,
Donka Dimitrova
User | Count |
---|---|
76 | |
9 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.