Two-Factor Authentication

Use two-factor authenticated logons for iOS applications.

An administrator (SAP Mobile Platform Server or mobile service for development and operations) can require a one-time password (OTP) as a second-factor verification step, together with existing authentication mechanisms (for example, OAuth and SAML), for the native app to establish a valid session with a server or mobile services. For example, in a banking app, only basic authentication is required to check an account balance; however, two-factor authentication (via an OTP sent by SMS message) is required to make a transfer.

Logon Support for Two-Factor Authentication with SAP Authenticator

The Logon manager automatically handles two-factor authentication if it is enabled on the server. From the client's point of view, this generally means that a WebView is presented in which the user must provide a one-time PIN (OTP) generated by the SAP Authenticator. To do so, the user switches to the properly configured SAP Authenticator application, which generates the PIN code, then switches back to the application and enters the OTP in the WebView presented by the Logon component.

Supporting SAP Authenticator automatic flow – On the OTP Web form there is a link that can automatically open the SAP Authenticator application. The SAP Authenticator can then automatically reopen the calling application through a unique URL scheme, provided the application is set up correctly.