Using the 'Login with Single Sign On' in the backoffice allows a user to login for the first time after authenticating through the Identity Provider (IDP) and for some time thereafter without the need to re-authenticate.
In the case where Azure Active Directory (Azure AD) is used, the user will be met with a 401 - Unauthorized error upon accessing the backoffice in the same way after 2 hours.
The issue requires the use of Spring SAML and was only observed when Azure AD was used as the IDP, although it could potentially happen with other IDPs.
- sign on
- Authentication Instant
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.