Tenant administrator can configure back-up channels to send TOTP deactivation passcodes to the user.
-
You are assigned the Manage Tenant Configuration role. For more information about how to assign administrator roles, see Edit Administrator Authorizations.
-
(for the SMS channel) The user must have a verified phone.
-
(for the SMS channel) You have configured the Sinch Service option in the administration console for SAP Cloud Identity Services. For more information, see Configure Sinch Service in Administration Console.
-
(for the email channel) The user must have a verified email address.
-
(for the email channel) You have configured an email template for the Deactivate TOTP Device process. For more information, see Configuring Email Templates.
The ${other.totpResetPasscode} parameter is mandatory for the Deactivate TOTP Device template.
The primary channel to deactivate a device is the passcode generated by the mobile device. If no other back-up channel is enabled, this option is the only one for the user in the Two-Factor Authentication section of the administration console for SAP Cloud Identity Services.
When the back-up channels, SMS and/or Email are enabled in the administration console, the user can choose from the options on the profile page: Existing Multi-Factor Authentication, Passcode by SMS, and Passcode by Email.
We recommend you to enable the back-up channels. Thus the users can use the option as an alternative when they don't have access to the TOTP device or application.
It takes 2 minutes for the configuration changes to take place.
To enable or disable back-up channels for deactivation passcode, follow the procedure below:
-
Sign in to the administration console for SAP Cloud Identity Services.
-
Under Applications and Resources, choose the Tenant Settings tile.
At the top of the page, you can view the administrative and license relevant information of the tenant.
-
Under Authentication, choose the Multi-Factor Authentication list item.
-
Under TOTP Deactivation Passcode Channels Configuration, enable or disable the options according to your needs.
- SMS
If the operation is successful, the system displays the message TOTP Deactivation Options updated.
Users can choose from the back-up channel options on their profile page if they are enabled via the administration console.
Related Information
Tenant SAML 2.0 Configurations
Get SAML 2.0 IdP Metadata via Parameter
Tenant OpenID Connect Configurations
Change Tenant Texts Via Administration Console
Configure Master Data Texts Via Administration Console
Configure Links Section on Sign-In Screen
Add Instructions Section on Sign-In Screen
Configure X.509 Client Certificates for User Authentication
Enable Users to Generate and Authenticate with Certificates
Configure Allowed Logon Identifiers
Configure User Identifier Attributes
Configure Trust this browser Option
Configure Initial Password and Email Link Validity
Use Custom Domain in Identity Authentication
Change a Tenant's Display Name
Configure Default Risk-Based Authentication for All Applications in the Tenant
Configure Sinch Service in Administration Console
Configure RADIUS Server Settings (Beta)
Configure Mail Server for Application Processes
Send System Notifications via Emails
Configure Customer Managed Keys in Administration Console (Restricted Availability)
Configure Default Language for End User Screens
Reuse SAP Cloud Identity Services Tenants for Different Customer IDs