- Customers have requested additional front end functionality that allows them to have direct visibility and control over who can access their instance via provisioning.
- How can I manage the list of users that have access to the provisioning back end for my instance
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
SAP SuccessFactors HCM Suite
- As part of the b1708 release, customers can now avail of the 'Manage Provisioning Access Tool' feature. For the latest information on this tool be sure to check Provisioning Access Management Guide.
- The Manage Provisioning Access Tool can be accessed through the Admin Center
- It gives customers direct visibility and control over who can access their instance via provisioning
- Some features this functionality provides:
- You can view a list of users with Provisioning access to your instances and you can remove this access from anyone on the list
- You can also approve users to apply for Provisioning access through Manage Provisioning Access Tool
- Only users you have approved are notified by email and only users you approve may be granted access to Provisioning for your instance, upon request
- Note: The feature requires role-based permissions.
- To start using this feature, a user must be granted either of two separate permissions, one to view and one to manage users with Provisioning access
- View Provisioning Access
- Control Provisioning Access
- With only 'View Provisioning Access' granted, the user can view a list of everyone who currently has Provisioning Access to their instance
- When you grant the second permission, 'Control Provisioning Access' to a user, they will then see 2 additional icons appear in the top right hand corner of their screen
- The 2 additional icons make it possible to approve or revoke Provisioning Access to users
Adding New Provisioning Users:
- Click on the + icon and enter the email address of the user who you wish to grant Provisioning Access
- This will send an approval email to the specified user
- The email will direct the partner/consultant to HCM Ops Portal for Customer Instance Access form submission
- In the HCM Ops Portal:
- Partner/consultant fills in Customer Instance Access form and attaches system generated approval email
- Partner Organization will check on certification and customer admin approval based on system generated email
- Provide access by mapping Partner/consultant 's Provisioner ID to specific Customer Company ID & DC
- Select the user/s who you wish to revoke access and then click 'Rubbish Bin' icon
- This triggers an unmapping process and the selected user/s access will be removed
NOTE: Currently, the tool does not notify the user when their access has been revoked. Best practice would be for the person that is revoking the access to also inform the user that they are taking that action
What users show in this tool?
The tool will show all users that currently have access to the provisioning back-end of your instance. This includes two types of users:
- Any user that is working on a support incident.
This access is always time bound and expires automatically after 48 hours.
You do not need to revoke or request permissions for these users, as the access is requested by support staff through the incident management tool internally.
Any consultants or partners that you have requested access for.
This access is not time bound. Once you have no further requirement for the partner or consultant to access the provisioning back-end of your instance, you can delete the user from the list using the steps outlined above.
Note: If you delete a partner's access, the only way of restoring the access is for the partner to submit a new request through the partner portal. This can take up to 7 days.
Grant Provisiong Access, Revoke Provisioning Access, List of users with Provisioning Access , KBA , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-PRVR , Manage Provisioning , How To