SAP Knowledge Base Article - Public

2595989 - How to Enable Only SSO Login for Business Users

Symptom

You have configured your system for SSO login. You want to ensure that only the SSO login method and the SSO Uniform Resource Locator (URL) are allowed for Business Users. This prevents use of the Non-SSO URL and of the User and Password login method.

Environment

  • SAP Business ByDesign (ByD)
  • SAP Cloud for Travel and Expense (TroD)
  • SAP Hybris Cloud for Customer (C4C)

Reproducing the Issue

  1. Enter your system URL, for example 'https://myXXXXXX.crm.ondemand.com' (C4C), 'https://myXXXXXX.sapbydesign.com' (ByD) or 'https://myXXXXXX.travel.ondemand.com' (TroD), where XXXXXX represents the individual system ID.
  2. The login mask appears.
  3. The Business User can log in with their User and Password credentials.

Cause

By default, all cloud systems are configured to handle both the SSO and the Non-SSO login methods automatically. The key user can determine whether the system allows only SSO login, only Non-SSO login, or both.

Resolution

Solution in SAP Business ByDesign and SAP Cloud for Travel and Expense.

 I. Configure which URL should be allowed:

  1. Go to the Application and User Management work center.
  2. Go to the Common Tasks view.
  3. Go to the Configure Single Sign-On sub-view.
  4. Go to the My System tab.
  5. In the URL Sent to Employee dropdown list, specify which URL the employee should use to log on to the system. Choose between the following options:
  • Non-SSO URL - The system sends only the normal system URL to the employee. The employee cannot log on using SSO, and must use password or certificate instead.
  • SSO URL - The system sends only the SSO URL to the employee. The employee can log on using SSO. The authentication request is redirected through the IdP.
  • Automatic Selection - If SSO is not active, the system sends the normal system URL to the employee. If SSO is active, the system checks whether the employee has a password. If a password is available, both SSO URL and Non-SSO URL are sent to the employee. However, if the employee has no password, only the SSO URL is sent to the employee.

   6. Press Save.

 II. Configure the login method:

  1. Go to the Application and User Management work center.
  2. Go to the Common Tasks view.
  3. Go to the Edit Security Policies subview.
  4. Either assign the default policy S_BUSINESS_USER_WITHOUT_PASSWORD to the Business Users.
  5. Or create a new security policy from a copy of S_BUSINESS_USER_WITHOUT_PASSWORD.
  6. Go to the System Logon Password: Easy Password section.
  7. Ensure the option PolicyPassword Logon Enabled is not active. This deactivates the system's ability to allow the User and Password login method.
  8. Press Save.

Solution in SAP Hybris Cloud for Customer

I. Configure the URL to be used:

  1. Go to the Administrator work center.
  2. Go to the sub menu and select Common Tasks subview.
  3. Go to the Configure Single Sign-On section.
  4. Go to the My System tab.
  5. In the URL Sent to Employee dropdown list, specify which URL the employee should use to log on to the system. Choose between the following options:
  • Non-SSO URL - The system sends only the normal system URL to the employee. The employee cannot log on using SSO, and must use password or certificate instead.
  • SSO URL - The system sends only the SSO URL to the employee. The employee can log on using SSO. The authentication request is redirected through the IdP.
  • Automatic Selection - If SSO is not active, the system sends the normal system URL to the employee. If SSO is active, the system checks whether the employee has a password. If a password is available, both SSO URL and Non-SSO URL are sent to the employee. However, if the employee has no password, only the SSO URL is sent to the employee.

   6. Press Save.

II. Configure which login method to use:

  1. Go to the Administrator work center.
  2. Go to the sub menu and select Common Tasks subview.
  3. Go to the Edit Security Policies section.
  4. Either assign the default policy S_BUSINESS_USER_WITHOUT_PASSWORD to the Business Users.
  5. Or create a new security policy from a copy of S_BUSINESS_USER_WITHOUT_PASSWORD.
  6. Go to the System Logon Password: Easy Password section.
  7. Ensure the option PolicyPassword Logon Enabled is not active. This deactivates the system's ability to allow the User and Password login method.
  8. Press Save.

Keywords

SSO login, No Password, Login method, KBA, SRD-CC-SEC, Security, How To

Product

SAP Business ByDesign all versions ; SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions ; SAP Cloud for Travel and Expense all versions