SAP Knowledge Base Article - Public

2674232 - Manually configuring SSO between IAS Tenant and BizX Instance - BizX Platform

Symptom

Customer SF/IAS setups are no longer supposed to manual. This KBA is for reference only and for customer setups the following KBA (Upgrade Center based process) should be used 2791410

  • How to configure SSO between IAS Tenant and BizX Instance;
  • How to setup IAS - SuccessFactors integration;

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

  • SAP SuccessFactors HXM Suite
  • SAP Cloud Platform Identity Authentication Service

Resolution

SAML Communication.png

This integration is just related to SSO to authenticate on SuccessFactors, having no impact on 3rd Party Integrations such as Boomi or SF API connections.

ALL IAS-SUCCESSFACTORS INTEGRATION SHOULD BE DONE THROUGH UPGRADE CENTER AS REFERRED ON THIS KBA 2791410

MANUAL CONFIGURATION SHOULD BE LIMITED TO ADJUSTMENTS ON SPECIFIC BUSINESS CASES AND BE AVOIDED.

THIS KBA IS ONLY TO BE USED IN REFERENCE IN CASE YOUR CONFIGURATION FACES ISSUES OR YOU NEED A REFERENCE.

Initial Steps:

  • Create a metadata file specific for your BizX Instance for configuration on IAS side.
    • See KBA 2747798 - How to create the metadata file for Single Sign On between SuccessFactors and Identity Provider
  • Retrieve the IAS metadata file for BizX configuration for configuration on BizX Provisioning side.
    • See section "Retrieving IAS metadata file for BizX configuration" below.

SAP Cloud Platform Identity Authentication Service (IAS) Configuration:

  • You should have an existing IAS tenant to start this process.
  • To add the SuccessFactors configuration in IAS, follow these steps-
    • Applications > +Add > Choose type as SAP SuccessFactors > Provide any Name for the Application & save it
    • Then, click on SAML 2.0 Configuration to enter metadata file from BizX

IAS Configuration.png

    • Click Browse to select your saved SuccessFactors metadata file and import the same. It will auto-populate the required fields highlighted in the screenshot across

IAS Configuration2.png

    • These fields include the Identifier, ACS (Reply) URL, Signing Certificate and the Secure Hash Algorithm.
      With IAS, we can now leverage SHA-256 whereas before, we were limited to SHA-1. SHA-256 offers improved security and is one of the main drives behind moving to IAS.
    • Save the SAML 2.0 page.

  • After the SAML 2.0 settings are saved, you will need to select the right IAS user field as Subject Name Identifier. The selection for this screen will be dependent on which field in your IAS (example-> Login Name) stores the same data as SuccessFactors Username, since the SSO login will be based on that.
    Note: If IAS is being used just as a proxy to Corporate IdP, then this selection will not matter.

Retrieving SAP IAS metadata file for BizX configuration:

  • Tenant Settings > SAML 2.0 Configuration > Download Metadata file
    Retrieving IAS metadata file for BizX configuration.png

SAP SuccessFactors BizX Configuration: (Bizx Config done by Partner / Customer Support who has access to Provisioning)

The following are the SSO settings that should be configured.

BizX config1.png

  • Asserting Party Name can be anything. IAS_COMPANYID for example
  • Issuer from IAS metadata entityID section.

Certificate from IAS metadata X509Certificate section.

Note: In case you face the follow warning/error "You can only have one asserting party that has 'SAP IAS integration flag' checked. Please confirm.", It means that you probable have another asserting Partie with the option SAML V2: SAP Identity Authentication Integration flagged, kindly unflag it from previous asserting and try again update the new one. 

See Also

2813054 - How to setup SuccessFactors BizX-IAS integration to sync users from BizX to IAS

2791410 - Integrating SuccessFactors with Identity Authentication through the Upgrade Center

2751968 - Information required when requesting an Identity Authentication tenant

2747798 - [SSO] Creating the Metadata File for SSO Between SuccessFactors and Identity Provider

2674264 - Configuring SSO between Corporate IdP, Identity Authentication tenant and SuccessFactors

2945740 - People Analytics Upgrade fails with error pointing that IAS is not configured on your instance ( Checklist to confirm if IAS is correctly enabled) - SAP for Me

Configure IdP-Initiated SSO with Corporate Identity Providers

Keywords

Subject Name Identifier, integration,  SAML 2.0, BizX Instance, IAS, SSO, tenant,  Single Sign On, ics   , KBA , LOD-SF-PLT-IAS , Identity Authentication Services (IAS) With BizX , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-SEL , SSO Errors & Logs , LOD-SF-PLT-SAM , SAML SSO First Time Setup , How To

Product

SAP SuccessFactors HCM all versions