SAP Fieldglass Two-Factor Authentication Configuration Guide
Provides an overview of SAP Fieldglass two-factor authentication security.
Two-factor authentication standards mandate that a system require a user to provide two means of authenticating themselves before they gain access to the system. SAP Fieldglass requires one authentication: a username and password. In certain cases, a buyer's business process may dictate two-factor authentication for certain users.
Two-factor authentication methodologies generally require a user to use information from:
- Something the user knows, such as username/password, passcode, or answer to a question.
- Something the user has, such as a phone, a device, or an email.
SAP Fieldglass two-factor authentication will require a user to enter:
- The user's username and password, and
- A one-time passcode that is emailed to the email address on the user's SAP Fieldglass user profile. This passcode is emailed after the user successfully enters their username and password, and is entered on a secondary authentication page that displays for the user.
Administrators are always required to use two-factor authentication if the company is enabled for two-factor. Other users must use two-factor authentication if their roles are configured for require_two_factor_auth_flag.
Considerations
- If a user accesses SAP Fieldglass using single sign-on, the user will be directed to the secondary authentication page and must enter their passcode before being granted access.
- The method of using a one-time passcode is referred to as TOTP, or Time-based One-Time Passcode. Purely for usability and ease of use, SAP Fieldglass has relaxed the one-time usage restriction and allows the same passcode to be used for up to eight hours. The system will only generate and require a new passcode if it is eight or more hours since the last time a passcode was generated for the user.
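The eight-hour reuse rule above can be modelled as follows. This is an added illustration, not SAP Fieldglass code: the class, method names, six-digit passcode format, and the in-memory outbox standing in for email are all assumptions.

```python
import hmac
import secrets
from datetime import datetime, timedelta

# From the guide: the same passcode is accepted for up to eight hours.
REUSE_WINDOW = timedelta(hours=8)


class PasscodeStore:
    """Hypothetical model of the emailed-passcode lifecycle."""

    def __init__(self):
        self._issued = {}  # username -> (passcode, generated_at)
        self.outbox = []   # stands in for mail to the profile address

    def after_password_ok(self, user, now):
        """Run after username/password succeed; True if a new passcode was emailed."""
        record = self._issued.get(user)
        if record is not None and now - record[1] < REUSE_WINDOW:
            return False  # under eight hours: existing passcode stays valid
        code = f"{secrets.randbelow(10**6):06d}"  # six digits is an assumption
        self._issued[user] = (code, now)
        self.outbox.append((user, code))
        return True

    def verify(self, user, submitted, now):
        """Check the passcode entered on the secondary authentication page."""
        record = self._issued.get(user)
        if record is None or now - record[1] >= REUSE_WINDOW:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(record[0], submitted)


def demo():
    """Constructed timeline: logins at 0h, 7h59m and 8h for one sample user."""
    store, t0 = PasscodeStore(), datetime(2024, 1, 1, 9, 0)
    late = t0 + timedelta(hours=7, minutes=59)
    first = store.after_password_ok("jdoe", t0)       # new passcode emailed
    code = store.outbox[-1][1]
    second = store.after_password_ok("jdoe", late)    # no new email
    reused_ok = store.verify("jdoe", code, late)      # same passcode accepted
    expired_ok = store.verify("jdoe", code, t0 + timedelta(hours=8))
    third = store.after_password_ok("jdoe", t0 + timedelta(hours=8))
    return first, second, reused_ok, expired_ok, third, len(store.outbox)
```

In this model a passcode that reaches the user's mailbox stays usable for the whole window, so the mailbox's own access controls carry the second factor for that period.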