Human Capital Management Blogs by SAP
Get insider info on SAP SuccessFactors HCM suite for core HR and payroll, time and attendance, talent management, employee experience management, and more in this SAP blog.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert

TOTP, or Time-based One-time Passwords, is a way to generate short lived authentication tokens commonly used for two-factor authentication (2FA). The algorithm for TOTP is defined in RFC 6238, which means that the open standard can be implemented in a compatible way in multiple applications.

How does TOTP work?

Inputs to the TOTP algorithm include a secret key and your system time. Those get put through a one-way function that creates a truncated, readable token. Because the inputs are available offline, the whole method works offline. This is a great option for users that may have unstable cellular connections for receiving SMS 2FA or for users who want a more secure channel than SMS 2FA.

What is Multi-Factor Authentication (MFA)?

When a system needs to authenticate that you are who you say you are, it can use a variety of factors, or pieces of information, to verify your identity. Many systems just use one factor, like a single password.

Why Use MFA?

Basically, the strength of multi-factor auth is that it gives you an extra layer of security on top of passwords. More generally, MFA protects you when one of your factors is compromised

How to implement TOTP 2FA in your application

Follow the below steps to configure TOTP in your IAS Tenant .. Below activity will be performed by an Administrator.

Add the below Rule to Risk Based Authentication

Now configuration is completed, Now let's install the Mobile App (Android or iOS) for TOTP

I would prefer SAP Authenticator app to Install in your Mobile device for 2FA ..
And there's plenty of TOTP app choices the customers can choose for themselves!

Once you installed, let's try to login to your SAP Commissions Tenant .. you will be redirected to 2FA (Two factor Authentication) Page for first time ..

We recommend scanning a QR code, but you can also enter the key manually. This is how the account and the authenticator app sync the secret key.

Use the scanner on your mobile device to scan the QR Code.

  1. Tap Done on your mobile device.
  2. Enter the passcode generated by the SAP Authenticator app into the Passcode field provided on the IAS profile page as below.
  3. Press Activate.

Let's try again to Login ( you will see your own login Page with Single Sign on enabled)

Here's a look at how the IAS Application prompts a user to enter the pass-code..

Open your SAP Authenticator App or Authenticator app you had configured from above step and enter the pass-code showing in your app with timely based.

Now I am successfully logged into SAP Commissions Home Page through Single Sign on (SSO)  with 2FA

As shown below, Admin can see the Security logs for the users Mechanism for authentication type.


Activate a Device for TOTP Two-Factor Authentication (Help Portal):


Thanks, for reading it till the end. 🙏

Hope you find that helpful! Let me know your thoughts on this in the comments section.
Don’t forget to share this article with your friends or colleagues.
Feel free to connect with me on any of the platforms below! 🚀

yoganandamuthaiah |Twitter | LinkedIn | GitHub

FollowLikeRSS Feed