One of SAP’s latest products is SAP Universal ID, a unified account that allows customers to access all SAP services in one place with a seamless user experience across all SAP products and services.
The company refers to it as the “Apple ID for everyone in the SAP world.” With this, SAP customers can link their SAP accounts under one ID, represented by an e-mail address, and use it to log on to SAP services with a single password.
Security Is Key
Even though using only one set of log-on credentials offers great advantages for SAP customers, it also means that if this password is compromised, the attacker may gain access to multiple SAP services and accounts at once. That’s why SAP Universal ID developers were searching for a more secure solution that prevents fraud but doesn’t impact usability.
Authenticating with biometrics has been proven to be the most secure way to protect user accounts and devices without impacting user experience and conversion rates. But until now, biometric authentication could exclusively be used in native apps on mobile devices. This recently changed with a brand-new Web standard called “WebAuthn” that makes it possible to use biometrics on Websites.
But developing a biometrics-based authentication process, combining it with a secure cryptographic challenge-response two-factor authentication protocol, and integrating it into an existing tech stack takes a lot of time, knowledge, and developer resources.
Biometrics and Cryptography by Hanko
That’s why SAP decided to realize this project together with Hanko. The young authentication-as-a-service provider was invited to participate in a three-month startup accelerator program at SAP.iO Foundry Berlin in 2019. In a joint proof of concept, the SAP team tested password-less authentication with Touch ID and Windows Hello for SAP Universal ID.
With their managed cloud application programming interface (API), Hanko enabled SAP developers to access a fully-fledged and certified WebAuthn infrastructure right from the beginning of the project. Hanko accompanied the SAP team, providing demo code and ready-to-use client and server software development kits. To create an optimal user experience (UX), Hanko also supported the UX team in the development and implementation of the new user flows for the password-less authentication methods.
The Outcome
The result of the proof of concept is a fully functioning SAP Universal ID test environment supporting password-less two-factor authentication with WebAuthn authenticators, such as Windows Hello, Apple Touch ID and Face ID, as well as FIDO Security Keys. Since Hanko supplied the main code components, SAP was able to integrate the password-less technologies into SAP Universal ID with a small team in just one-third of the estimated
time. The test environment will be leveraged for further user testing until the feature is released to SAP customers.
Thilo Brandt, IT senior manager for SAP Universal ID, confirms that internal tests have produced a consistently positive response, from developer and QA level up to top management. “The development effort for introducing password-less authentication was significantly reduced through the use of Hanko. The team helped us to successfully navigate implementing password-less authentication into our application stack and user interfaces.”
Michael Braun, IT chief product owner of Identity and User Management at SAP, is happy with the outcome of the project as well: “With the help of Hanko, we were able to prove the feasibility of our vision for a password-less log-on for SAP Universal ID in terms of technical implementation as well as usability on all major operating systems such as Windows, macOS, iOS, and Android.”
Felix Magedanz, founder and CEO of Hanko, is pleased to see that Hanko’s authentication-as-a-service solution is so well received at SAP and that the deployability of Hanko’s API has been successfully proven. “Our project with SAP demonstrates the power and the benefits of our password-less API. Seeing our solution being used by one of the largest software companies in the world makes us proud and strongly validates our approach. Through the close cooperation and feedback from SAP developers, we were able to improve our solution to make it even more convenient for future customers.”
About SAP.iO
SAP.iO is SAP’s strategic business unit to incubate, accelerate, and scale startup innovation and explore new business models for SAP. Since 2017, SAP.iO has helped over 300 external startups and internal ventures both start and scale their businesses while enabling thousands of SAP customers to access innovation.