News & Information

CyberSafe TrustBroker™ products, for SAP business applications

CyberSafe TrustBroker Support Services

CyberSafe TrustBroker and Duo Integration

The TrustBroker products include easy to configure authentication policies so that you can decide when users are requried to use 2FA/MFA based on certain conditions, e.g. SAP role assignment, network address, whether they have existing sessions, etc. If 2FA/MFA is not required, then you might allow the user to logon using single sign-on (SSO). There is a policy for initial logon to the SAP system, as well as policies that are used after logon (e.g. when running SAP transactions).


Using the authentication policy you can take advantage of Duo for 2FA/MFA during initial logon to SAP systems:

  • Using a thick client such as SAP GUI, Analysis for Office, BEx etc.
  • Using HTTP authentication, e.g. during logon to Fiori Launchpad, SAP Business Client, SAP Portal on NetWeaver AS Java, etc.


You can also take advantage of Duo after logon to an SAP system:

  • When they run certain SAP transactions, e.g. when using SAP GUI, Web GUI or SAP Business Client
  • When using electronic signatures, instead of an SAP password being required, e.g. when using PI Sheets, Banking Module, Quality Management, etc.
  • When a user clicks on a SAP Fiori Tile after login to Fiori Launchpad


If you already have a license for one or more TrustBroker products, you can check the product documentation to find how to configure Duo integration. The documentation for the latest version can be found on If you need help or have questions about the integration, please use our email support that is described on

If you are not licensed to use TrustBroker products and would like to see a demonstration or have questions, please make contact with us by sending an email to

Leave us a message, or ask a question   CyberSafe on Twitter  CyberSafe on LinkedIn  CyberSafe on YouTube