How to enable Multi-Factor Authentication (MFA)

To continue our enhanced security efforts, some SAP platforms/sites will offer you a more secure sign-in method, a time-based one-time password (TOTP) MFA. This page will walk you through how to enable MFA through your SAP profile, to prepare you in advance, when entering sites that require TOTP. At the bottom of this page, you can also learn how to disable and re-enable MFA when switching devices.

Note: your choice to enable or disable MFA may be overridden by your super administrator — if they enforce MFA it will be reapplied for your account and you’ll receive a notification with setup instructions.
MFA information for super administrators(opens in new tab)

How to enable MFA through your SAP account

1.  Access your account: https://accounts.sap.com(opens in new tab).

2.  Scroll down to TOTP Two-Factor Authentication and click the Activate button.

3. You will be prompted to enable an authenticator application on your mobile device. We recommend using MS authenticator or Google authenticator.

4.  After downloading the authenticator, scan the QR code and follow the instructions within the authenticator application to complete the installation on your mobile device.

5. A passcode will be generated. Enter your passcode in the passcode field, then click Activate.

6. The page will refresh and a confirmation message will appear upon successful set up to TOTP, saying “You have a device configured for TOTP two-factor authentication”. You will also receive an e-mail confirming the update to your account.

Note: Going forward, if needed, use the generated passcode if an application requires two-factor authentication from you. 

How to disable and re-enable MFA through your SAP account

Note:

You must disable MFA before changing the authenticator application.

This must be done, for example, when you switch to a new mobile device

1. Navigate to https://(opens in new tab)accounts.sap.com(opens in new tab).

2. Scroll to the TOTP Two-Factor Authentication section and click the Deactivate button.

3. Select the deactivation channel. You may choose the existing TFA method, sending a one-time reset code to your previously validated e-mail address or SMS number.

4. A generated passcode will be sent to you by your selected method. Enter that passcode in the text field.

5. Your TOTP will now be deactivated and an Activate button will appear next to the TOTP headline.

Note: You will be required to add a new TOTP profile to your account before you can authenticate into the platforms which require it. Follow the instructions above to re-enable your MFA on your new device.

Additional Support

If you experience any problems, please reach out to Support at sso@sap.com.