SAP Knowledge Base Article - Public

2320766 - [SSO] Partial Organization Single Single-On implementation steps

Symptom

This article covers implementing Partial Organization Single Sign On.

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SAP SuccessFactors HXM Suite

Reproducing the Issue

Cause

Resolution

Implementation main steps:

The main steps for Implementing Partial Organization Single Sign On are:

  1. Enabling the loginMethod standard element in the Succession Data Model, and making it visible in the User data File (Employee Export)
  2. Enabling the Partial Organization feature in Provisioning
  3. Configuring the loginMethod to PWD for users that will be logging using the username & password instead of SSO.

    Note: Steps 2 and 3 are interchangeable. As soon as Step 1 has been completed you will be able to setup the loginMethod even if Partial Organization SSO is not yet turned on.

    Step 1: Enabling the loginMethod standard element

    You can configure loginMethod following the below steps:

    1. From Admin Center > Manage Business Configuration (BCUI)
    2. Expand Employee Profile
    3. Expand Standard
    4. Find the loginMethod field and enable it

    To include the field, you need to follow the below steps:

    1. Go to Manage Business Configuration > Employee Profile
    2. Expand "View Template"
    3. Open sysUserDirectorySetting
    4. From that page, select Take Action > Make Correction
    5. Then for both sysVisibleUserDirectorySetting and sysAllUserDirectorySetting, open the Details link
    6. Add loginMethod as a Standard Element

    For more details on how to work on BCUI, please review the KBA 2801085 - How to Work With the Manage Business Configuration (BCUI) feature in SuccessFactors - SAP for Me

    Step 2: Grant RBP (Role Base Permission) for loginMethod field.

    1. Go to "Admin Center" > "Manage Permission Roles";
    2. Select the role for which you want to grant the permissions;
    3. Select the "Employee Data" tab, in the "User Permissions" section;
    4. Select permissions for the Login Method field;
    5. Click Save Changes.
    6. Logout from the system and login back again

    Step 3: Enabling the Partial Organization feature in Provisioning

    Enable the "Partial Organization SSO" feature in the provisioning tool under Single Sign-On (SSO) Settings.


    Partial SSO Feature Switch.png

    Step 4: Configuring the loginMethod for users

    Now you can set the loginMethod for the user by setting values in the "loginMethod" field.

    1. Export the UDF file via Admin Center -> Employee Export (see KBA 2087479)
    2. Click on Export User File
    3. Open the Employee export file
    4. Modify the users Login_Method you wish to change
    5. Change a users Login_Method from either SSO to Blank or from PWD to Blank
    6. Import the file via Admin Center -> Import Employee Data (see KBA 2087479)
    7. Verify the import was successful
    8. Check if the changes made were applied in the application

    You can download the employee import template from Admin tools as the new column should also be displayed there.

    Note: It is expected that customers set this value through the Employee Import file, most likely as an automated FTP process.

    See Also

    2088837 - [SSO] Partial Organization Single Sign-On - BizX Platform - SAP for Me

    Keywords

    Data model, Partial Single Sign On, configurations, provisioning, xml, login method, PWD, SSO, partner, consultant, bcui, manage business configuration , KBA , LOD-SF-PLT-SAM , SAML SSO First Time Setup , Problem

    Product

    SAP SuccessFactors HCM all versions