TWO-FACTOR AUTHENTICATION FOR THE EPFL – HETEROGENOUS STRUCUTRES SAFELY CONNECTED
During an external audit the EPFL was advised to increase access security with the implementation of a two-factor authentication system. Additionally, students and professors should be enabled to access SAP applications from their mobile devices.
THE CHALLENGES
Interfaces between technologies with strong age difference
Grown over time, the EPFL’s system topology includes various systems and technologies like user interfaces based on SAP GUI. SAP offers no compatible standards, that also meet the specifications of the EPFL, to connect these technologies to modern authentication methods.
Heterogenous system landscape
Additional challenges emerged regarding integration and compatibility. Due to its heterogenous system landscape that is inhabited by a multitude of different clients, a rollout via modern software distribution was not possible. Additionally, it had to be considered that faculties used different management methods.
ABOUT EPFL
The EPLF (L’Ecole polytechnique fédérale de Lausanne) is the technical- and science-university in Lausanne and counts as one of the leading universities world-wide. Together with the university of Lausanne it is the biggest educational- and research-center in Switzerland. The campus of the EPFL houses more than 15.000 students and employees from more than 120 nations.
OUR APPROACH
Our solution is based on open standards (SAML 2.0, x.509) making it easily expandable, scalable and system independent. A robust concept ensures compatibility with every device no matter if desktop or mobile. To guarantee safe access, SAP single sign-on with SAP Web Dispatcher and Network Edge Authentication (NEA) is used. Despite a missing central software distribution, the rollout process was fashioned to require minimal effort from support staff.
