With multi-factor authentication you can implement a strong form of authentication for business-critical applications. Authentication is based on multiple means of identification: for example, knowledge of a password and possession of a physical device, such as a mobile phone.
With SAP Secure Login Service for SAP GUI, you can use multi-factor authentication by leveraging the capabilities of SAP Cloud Identity Services - Identity Authentication or a third-party identity provider.
SAP Single Sign-On supports multi-factor authentication via time-based one-time passwords (TOTP) generated by the SAP Authenticator mobile app. Alternatively, out-of-band transport of tokens, including one-time passwords sent via SMS or email or RSA/RADIUS, are supported.
Digital signatures uniquely identify the signer, protect the integrity of the data, and provide the means for a binding signature that cannot be denied afterwards.
The SAP Secure Login Service for SAP GUI and SAP Single Sign-On support digital signing using the Secure Store and Forward (SSF) interface. The Secure Login Client for SAP GUI can use X.509 certificates for digital signatures in an SAP environment.
Server-side digital signatures are supported by the SAP Common Cryptographic Library. In addition, server-side digital signatures are supported via hardware security modules, offering increased security and performance.
Certificate Lifecycle Management for SAP NetWeaver Application Servers
SAP Single Sign-On supports automated renewal of X.509 certificates for SAP NetWeaver Application Server ABAP and SAP NetWeaver Application Server Java, using the on-premise Secure Login Server. This significantly reduces manual effort, eliminates the risks of human errors, and prevents costly system downtime.
An automated central roll-out of trusted root certificates facilitates the transition from self-signed certificates to a PKI-based approach. In addition, the on-premise Secure Login Server can act as Registration Authority of an existing enterprise PKI.