How to Enable Multi-Factor Authentication (MFA)

To continue our enhanced security efforts, some SAP platforms/sites will offer you a more secure sign-in method, a time-based one-time password (TOTP) MFA.

This page will walk you through how to enable MFA through your SAP profile, to prepare you in advance, when entering sites that require TOTP. You can also activate MFA during a site's activation, however without enabling it on your profile you will have to do this each time. At the bottom of this page, you can also learn how to disable and re-enable MFA when switching devices.

How to Enable MFA Through Your SAP Account

1.  Access your account: https://accounts.sap.com.

2.  Scroll down to TOTP Two-Factor Authentication and click Activate.

3. You will be prompted to enable the SAP Authenticator application, or any supported authenticator, on your mobile device.


4.  After downloading the authenticator, follow the instructions within the authenticator application to complete the installation on your mobile device.

5. Scan the barcode on your account or enter the Secret Key manually. 

6. The page will refresh, and the confirmation message will appear. You will also receive an email confirming the update to your account.

How to Disable and Re-enable MFA Through Your SAP Account

Please Note: You must disable MFA before changing the authenticator application.

This must be done, for example, when you switch to a new mobile device

1. Navigate to your SAP Universal ID Account.

2. Scroll to the TOTP Two-Factor Authentication section and click Deactivate.

3. Select the deactivation channel by sending a one-time reset code to your previously validated email address or SMS number.

4. Once disabled, you will be required to add a new TOTP profile to your account before you can authenticate into the platforms which require it. Please follow the instructions above to re-enable your MFA on your new device.

Additional Support

If you experience any problems, please reach out to Support.