Mobile SSO for SAP Fiori with SAP Authenticator
Overview of SAP Fiori
SAP Fiori is a new age experience (UX) for SAP, that is revolutionizing the way applications are built, taking the user experience to new heights. It combines modern design principles providing a holistic and a consistent experience across variety of devices. With SAP Fiori, you can accomplish a variety of productive tasks including getting quick insight-to-action anytime and anywhere.
There are a variety of apps that are currently applying the SAP Fiori UX to provide enhanced user productivity and personalization for customers, who use SAP Business Suite on any database and SAP Business Suite powered by SAP HANA. Enterprises that have implemented a single sign on (SSO) solution for the SAP Business Suite can give the same ease of use to their Fiori users with several SSO options.
Implementing Mobile SSO for SAP Fiori with SAP authenticator
On November 3rd, 2014 SAP released a latest support package (SP04) for Single Sign-On 2.0 – a mobile SSO solution that is perceived as a straightforward authentication mechanism for favorite applications and trusted websites on mobile devices. It offers simplicity for your SAP Fiori users without compromising the security for your company.
This solution is based on Time based One-Time Password (TOTP) algorithm, which is of the open standard RFC 6238. This algorithm computes a one-time pass code from a shared secret key and current time. With the respective user name and pass code, the authentication to the Identity Provider triggers IDP initiated single sign-on mechanism. For TOTP client, SAP authenticator is the mobile application, which is available for iOS and android platforms. SAP Authenticator offers password protection. The password is defined during the installation of the application, it is used only for the encryption/decryption of the secret key, and it is not stored on the device. The password offers additional level of security, that is not available with the other similar OTP generator applications existing on the market. Mobile SSO implementation with TOTP is easier to setup and support compared to, for example, a Mobile SSO implementation based on client certificates, where a Public Key Infrastructure is necessary. Mobile SSO with TOTP could be enabled easily also for scenarios that allow a “Bring Your Own Device” (BYOD) policy, where the transfer and the storage of client certificates is difficult or impossible.
Once you implement this solution, you will have the flexibility to use Fiori applications, bookmarked on your device after a single click. Once you click on the respective Fiori application bookmark, the SAP authenticator creates a pass code and a URL with respective parameters. Next, the SAP authenticator sends this URL to the browser, wherein the browser opens the URL that triggers the single Sign-On. On the other hand, the Identity Provider checks the entered credentials and if the authentication is successful, issues a SAML 2.0 assertion for you and for the respective service provider (SAP Fiori). In the final step that refers to the HTTP-POST binding response, the SAP Fiori application gets securely opened on your mobile device.
Key Take aways
- Greater simplicity for end users – high level of user experience
- Enhanced security for your organization
- Save costs due to minimized number of password related IT tickets
- Increased employee productivity (only one single password and less typing)
- Built on responsive design principles
- Utilizes SAP UI5 and SAP NetWeaver Gateway to provide a consistent and a seamless end-to-end extensibility
- Leverage your current SAP investments by offering quick value for over 85% of your users.
From the above discussion, it is obvious that Mobile SSO with SAP Authenticator has a major role to play in ensuring enhanced corporate security, while providing a consistent, simple and a holistic consumer grade experience across a variety of devices – desktop, tablet or a smart phone. Organizations worldwide are adapting to this new technology to take consumer mobile user experience to the new level with perceived business benefits – improved user productivity and substantial cost savings.
If you would like to request a demo for the “Fiori SSO with SAP Authenticator”, please click on the link below. Alternatively, if you would like to discuss with an Innovapptive associate, you can reach out to us by emailing us at firstname.lastname@example.org or you can reach a sales representative at (713) 275-1804.