How does SAP Single Sign-On (SSO) for Fiori work?
Fiori is quite easy to use on your mobile device; all you have to do is logon to Fiori Launchpad, which is the single point of entry to all your business applications, just as you would on a desktop. This also means that organizations have to strike a balance between ease of use and security in a BYOD situation.
This is where SAP Single Sign-On steps in. It provides users with the flexibility of Fiori, while keeping security intact. So how does the SAP Single Sign-On option for Fiori work?
The integration of SAP Authenticator mobile application and the SAP Fiori Client application makes it possible. The Fiori Client is a native mobile app that enhances the use of Fiori apps and manages cache to make the solution quicker. The SAP Authenticator generates a one-time passcode based on the Time-based One-time Password (TOTP) algorithm.
The mobile SAP single sign-on for Fiori works in two ways: By starting the SAP Fiori Client app on the mobile device and clicking the Log on with SAP Authenticator link or initiating through the SAP Authenticator and clicking the SAP Fiori Client bookmark.
Either of the above ways initiates the authentication process. The SAP Authenticator generates a password and sends it along with the username to the SAP Fiori Client. The SAP Fiori Client checks the credentials provided by the SAP Identity Provider. When the check is successful, a SAML 2.0 assertion is issued for the particular user and service provider by the Identity Provider and SAP Fiori Client is securely opened for the user.
Benefits of SAP Single Sign-On:
- Authenticates once, and the only login needed across all SAP and non-SAP applications in a secure and user-friendly way.
- One protected central place, eliminating the need for password reminders.
- SAP Single Sign-On allows for the improvement of security measures across the organization and meets regulatory requirements and usage of mobile device outside the corporate network.
- Eliminates need to provision and reset passwords across many systems, reducing significant effort to maintain password policies.
- Utilize the benefits of quick implementation and low total cost of ownership.
- Increase productivity due to reduced effort from manual authentication process, resetting passwords, and help desk