Two-factor authentication uses the SAML2 provider and a trusted identity provider to authenticate users. Two-factor authentication uses two methods to identify users, for example, a user name and password, and a one-time-password that is generated by a security card (or similar tool).
Two-factor authentication is implemented by your SAML identity provider, which you configure as a SAML2 authentication provider in SAP Mobile Platform. When a user logs in, SAP Mobile Platform directs the authentication request to the SAML identity provider. If the user is authenticated, a SAML assertion is returned to SAP Mobile Platform Server, which attempts to verify it. If verifiication succeeds, the user is authenticated and can access SAP Mobile Platform resources.
A SAML identity provider may be available only in an intranet, and not accessible from the Internet. The SAML identity provider proxy feature allows you to access the SAML identity provider through SAP Mobile Platform Server.