One-Time Password Authentication Implementation Guide

The one-time password (OTP) solution, part of SAP Single Sign-On (SSO), is used to generate one-time passwords called passcodes.

The passcodes are time-based and valid for just one login attempt. They are used for strong authentication when logging on to corporate resources. For one-time password authentication, it is best to have compatible mobile devices, which provide the passcode. In that case, you should install an authenticator application on your mobile devices.

Note

If you do not have compatible mobile devices, there are alternative solutions for passcode provisioning.

You can use the OTP authentication in the following cases:
  • Log on to systems using Secure Login Client.
  • Log on to systems using SAML, with SAP NetWeaver (NW) Application Server (AS) Java as an identity provider.
  • Log on to web applications running on SAP NetWeaver AS for Java.

The OTP solution provides its own login module, TOTPLoginModule, which supports two-factor authentication or single-factor authentication. With two-factor authentication, you provide two means of identification (for example, a passcode together with a corporate password or an X.509 certificate), while with single-factor authentication you log on using only one factor (a passcode, a corporate password, an X.509 certificate, or another factor).