Symptom
You have a requirement to do information security control in the system. The security strategy requirements are the following two points:
- System to be bound to the MAC address of the user's computer.
- Two steps of validation, for example: you can generate dynamic encoding to the mailbox, and then log in according to the dynamic encoding.
Environment
SAP Cloud for Customer
Resolution
In C4C, we don't have any such existing functionality to support the requirements. Alternatively, user can use SSO processes, where IDP is enabled with the required functionality in place to handle the requirements. In case of SSO, C4C system will by default redirects the users to the IDP, where, IDP can perform required pre-processing before allowing the user to take next steps (like generating the token in their device, which is dealing with requirements like based on MAC address and then entering it in the IDP, which takes next steps).
Is there any documentation or guidelines for SSO+IDP?
This is not standard functionality in C4C, it might be possible with IDP which supports such functionality. So, we wont have guidance documents or blogs related to it, it needs to be checked if there is some IDP provider which can provide such possibility.
Keywords
KBA , information security control , sso+idp , SRD-CC-IAM , Identity & Access Management , Problem