- After a refresh IPS sync for IAS is failing, and users are not able to access the instance;
- IPSADMIN user exists on instances that were not yet upgraded;
- IAS Upgrades are not reflecting its correct status post a refresh.
SAP SuccessFactors HXM Suite
Reproducing the Issue
- Go to Admin Center
- Access Upgrade Center
The instance refresh copies the users, password policies and permissions, which impact the IPSADMIN used on the sync of the users.
There is a limitation that the instance refreshes copy users and its permission, which overwrites the permission and the IPSADMIN user created for IPS sync of the user.
This limitation is expected to be solved in the future (pending date confirmation). For now if you face issues pose the refresh, follow the below:
If Target SF Instance is Integrated with IAS and source is not:
You need to do the below actions:
- You need to re-create the IPSADMIN that IPS uses read user on SuccessFactors instance. Follow the below steps:
- On SuccessFactors instance, create a user with user ID and Username as IPSADMIN. You can do it through an import;
- Set up IPSADMIN user for IPS as referred on the guide on step 6.1 and 6.2;
- Make sure to have the IPSADMIN password setup as it was before or reset it and update on IPS side as well;
- On IPS, run the sync job (Read Job), so that the users are updated and you confirm the sync is working.
If Target SF Instance is NOT Integrated with IAS and Source is:
If target instance has NEVER initiated the IAS upgrade from Upgrade Center, you should not have the IPSADMIN user on the instance.
- You need to delete/permanent purge the IPSADMIN from the instance as the Initiate Upgrade will fail if the user is already created. To delete it follow this KBA 2545988 and execute all steps.
Note:- If the target has Non-SSO setup, make sure that a Non-SSO admin account is maintained in the source instance, before refreshing your target instance. This admin account will allow you to access the target instance after refresh.
IMPORTANT: If the refresh was performed prior to August 16th or via manual refresh, it will be needed extra steps from Product Support and operations team to correct the upgrade center status. If that is the case raise an incident with LOD-SF-PLT-IAS with Subject IAS Post Refresh activities and provide written approval for us to run a script to correct the upgrade's status on Upgrade Center.
(For Support team usage, Scripts can be found on previous version of this KBA or on internal memo)
Instance Refresh IRT IAS Identity SAC , KBA , LOD-SF-PLT-IAS , Identity Authentication Services (IAS) With BizX , LOD-SF-PLT-IRT , Instance Refresh Tool , Problem