Fiori is quite easy to use on your mobile device; all you have to do is logon to Fiori Launchpad, which is the single point of entry to all your business applications, just as you would on a desktop. This also means that organizations have to strike a balance between ease of use and security in a BYOD situation.
This is where SAP Single Sign-On steps in. It provides users with the flexibility of Fiori, while keeping security intact. So how does the SAP Single Sign-On option for Fiori work?
The integration of SAP Authenticator mobile application and the SAP Fiori Client application makes it possible. The Fiori Client is a native mobile app that enhances the use of Fiori apps and manages cache to make the solution quicker. The SAP Authenticator generates a one-time passcode based on the Time-based One-time Password (TOTP) algorithm.
The mobile SAP single sign-on for Fiori works in two ways: By starting the SAP Fiori Client app on the mobile device and clicking the Log on with SAP Authenticator link or initiating through the SAP Authenticator and clicking the SAP Fiori Client bookmark.
Either of the above ways initiates the authentication process. The SAP Authenticator generates a password and sends it along with the username to the SAP Fiori Client. The SAP Fiori Client checks the credentials provided by the SAP Identity Provider. When the check is successful, a SAML 2.0 assertion is issued for the particular user and service provider by the Identity Provider and SAP Fiori Client is securely opened for the user.