cancel
Showing results for 
Search instead for 
Did you mean: 

Two factor Authentication for SuccessFactors

0 Kudos
3,259

Is there any way to add a two factors authentication to Successfactors?

If Yes, is there any implementation guide for this explaining the desired configures in provisioning?

Thanks And regards

Reem Amr Khairy

Accepted Solutions (1)

Accepted Solutions (1)

donka_dimitrova
Contributor
0 Kudos

Hello Reem,

There are two products from SAP that offer two-factor authentication for SAP and non-SAP applications like SuccessFactors that are SAML Service Providers.

The first product is the SAP Single Sign-On (supports TOTP, RSA, SMS, e-mail) and the second one is our SaaS solution SAP Cloud Identity (supports TOTP).

When you decide to use the SAP Single Sign-On product capabilities you have to implement the on premise SAML IDP, to configure the SAML trust between our SAML IDP and the SuccessFactors SAML SP. The on premise SAML IDP needs to be configured to use the TOTPLoginModule, here is one guide that describes how to use the TOTPLoginModule for two-factor authentication: Simple Configuration Example for Implementing Two-Factor Authentication (2FA)

You can use as two-factor authentication not only TOTP passcodes but you can configure also RSA codes or even to send the code as an SMS to users who's mobile devices are not smart phones. This solution could be combined with risk-based authentication capabilities and you can decide when to ask the user for the 2FA passcode (for example when the user is coming from an external IP adress)

The same solution is available also with SAP Cloud Identity(SCI). Once you subscribe for the service and configure the trust between the SCI (SAML IDP) and the SuccessFactors (SAML SP), you can simply enable two-factor authentication for all authentications or for certain users and IP ranges. See some details here:SAP Cloud Identity Service

I hope this is helpful.

Regards,

Donka Dimitrova

0 Kudos

Hi Donka,


That was very helpful actually.

let me check something with you, is there any detailed guide to enabling " the SuccessFactors (SAML SP)" in the SuccessFactors provisioning? as i can't find one specific guide to the provisioning thing including the actual steps and so, could you help with this?


and should i use the "SAML v2 SSO" ?

Thank you so much your help is much appreciated.
Regards
Reem Amr Khairy

donka_dimitrova
Contributor
0 Kudos

Hello Reem,

Here in this guide (chapter 2.3) you will find info how to configure SAML trust on the SuccessFactors side:

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/006381ca-cda8-2f10-a2b1-cd351eb04...

Chapter 2.2 is how to configure SuccessFactors as a trusted SP for our SAP SAML Identity Provider (running on AS JAVA) coming with the SAP Single Sign-On product.

Regards,

Donka Dimitrova

0 Kudos

Hi Donka,

Thank you so much for your help

Regards
Reem Amr Khairy

Varsha1
Explorer

Hello donka.dimitrova and colt

My QR code for an account was set on the phone which is dead now. When I login to Onboarding Super Admin its asking me passcode also when I login to account.sap.com I am unable to deactivate TOTP as its asking for Passcode.

Please advice

Regards,

Varsha Naik

Answers (0)