Multi-factor authentication is a two-step verification process where users are required to authenticate themselves a second time using a time-based verification code. As compared to the single step authentication process, multi-factor authentication provides enhanced security.
Previously, suppliers attempting to sign in to SAP Ariba Developer Portal using the AN Supplier SSO Sign-in option were re-directed to the Ariba Network supplier sign-in page for authentication. However, it was just a one-step verification process.
With multi-factor authentication enabled, users are required to perform the two-step verification process to log into SAP Ariba Developer Portal.
Until recently Ariba Network did not provide a feature for multi-factor authentication, which would significantly improve login security when compared to existing user ID/password authentication. There was no verification mechanism to ensure that the individual logging in was indeed the account holder vs. a nefarious entity that had obtained a user’s credentials. Ariba Network customers were requesting that the applications provide a multi-factor mechanism for authentication that would be comparable to existing functionality that is provided by banking institutions.
The impact of the feature is that it will improve the security at login by forcing the logging-in user to enter in a digital token, from the authenticator app, associated to the user account. This will prevent unauthorized use of the associated account should a user’s login credentials become compromised. Enabling this functionality will significantly decrease the likelihood that a nefarious entity can successfully gain access to the SAP Ariba applications using compromised user account credentials.
Quando a autenticação multifator é ativada para uma organização, os usuários devem instalar um aplicativo autenticador, como o SAP Authenticator do iTunes (para dispositivos iOS) ou do Google Play (para dispositivos Android) em seus dispositivos portáteis para gerar um código de verificação de tempo limitado (também chamado senha de uso único de tempo limitado). A configuração do código de verificação de tempo limitado também é compatível com autenticadores de terceiros, como o Google Authenticator ou o Microsoft Authenticator.
Ariba Network 2108
Ariba Supply Chain Collaboration 2108