The Ultimate Solution Multi Factor Authentication

Multifactor authentication is one of the most cost-effective mechanisms a business can deploy to protect digital assets and customer data. Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction. Typically it uses all the three types of authentications – something you know, something you have and something you are.

2FA can fail if the user’s digital device (mobile phone, laptop, etc.) is stolen. But MFA can’t fail because it’s almost impossible to steal someone’s retina or fingerprint.

An overview on how MFA works

• You provide your username and password to the system.
• The system generates a one-time-password (OTP) and sends it to your phone.
• You enter the OTP into the system.
• The system asks to provide your fingerprint.
• You provide the fingerprint onto the fingerprint scanner attached with the machine.
• The system asks to provide your retina scan.
• You look into the attached retina scanner.
• If all the information provided is correct, the system allows you to login. Otherwise, the login request is declined.

How is Auth-Shield MFA integrated into SAP Login Architecture

SAPGUI is client end software that allows users to access SAP servers. AuthShield does a direct integration of Second and Third Factor of Authentication with SAP GUI using a protocol decoding engine. The integration is unique in itself and implements MFA with SAP GUI at a protocol level.

User requesting access has to enter his user name and password on SAP GUI.

After due validation, user received an authentication request on his registered desktop. The request is received by Desktop One Touch Authentication.

Once the user approves the notification, he is asked to provide his fingerprint impression. The user uses the attached fingerprint scanner to provide his fingerprint.

Once the fingerprint is approved, the user is asked to provide his retina scan. He then looks into the retina scanner. If all the information (username/password, OTP, fingerprint and retina) provided is correct, the user is granted access.

Authentication to SAP Netweaver is done via RADIUS Protocol. AuthShield Authentication Server has an inbuilt support for RADIUS protocol. The user enters his User Name, Password and OTP. The user name and Password are authenticated as normal while the user name and OTP are authenticated by the Authentication server.

I am Technology Evangelist. I am part of the core team of Authshield Labs and have been actively involved in research on information security vulnerabilities.