Two-Factor Authentication
The main goal of two-factor authentication is to prevent an attacker from accessing a user's account due to a compromised password. If you would like users to provide two independent factors for strong authentication when logging in, then two-factor authentication needs to be enabled.
In our scenario, two-factor authentication is handled by a custom Cloud-based IdP system, so the custom IdP administrator needs to perform the required configuration steps. Cloud Identity Services - Identity Authentication (IAS) is used as a custom cloud-based identity provider for handling the two-factor authentication. This is a cloud-based service for authentication, single sign-on, and user management for SAP cloud and on-premise applications.
Prerequisites for Use
User must have a QR code scanner and an authenticator application on their mobile device. Microsoft Authenticator and Google Authenticator apps are used for Two-Factor Authentication in SAP Analytics Cloud. The app generates the passcode that the user must enter as a secondary authentication step to access SAP Analytics Cloud.
Logging in With Two-Factor Authentication
Once two-factor authentication is enabled, when users go to log in for the first time, they are prompted to enter their user credentials for the SAP Analytics Cloud tenant as seen below.
When they select Continue, they are presented with a QR code on the screen. They scan it with their mobile device and a new passcode is generated in their authenticator app. They enter the passcode and select Continue.
In the following image, you can see an example passcode from the Microsoft Authenticator app.
For all subsequent log ins, users will then be prompted to enter their password and the automatic generated passcode by the authenticator app with no more QR codes to scan.
Additional Information
For more information on Multi-Factor Authentication in SAP Analytics Cloud, please visit Multi-Factor Authentication | SAP Help Portal.