SAP Knowledge Base Article - Public

2722881 - Platform: User Account Decoupling

Symptom

This article describes the User Account Decoupling related behavior.

In b1911 release, the User Account Decoupling feature has been made universal. The accounts have been decoupled from users universally, meaning that a person can have multiple users but only one login account. The login account is active as long as the person has at least one active user.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental. 

Environment

SuccessFactors - Platform

Resolution

This article describes the User Account Decoupling related behavior. For information about the different types of IDs (Person and User), please refer to the following articles:

  • 2495643 - SuccessFactors User IDs - Clarifying the Different IDs
  • 2493579 - Employee Central: Person/User IDs Used Within Employee Central

 


Table Guide

The terms below are used in this article to explain the feature behaviour. They refer to the database tables that maintain Person, User and User Account records. These tables are not accessible via the application.

  • "User" means the record in USERS_SYSINFO table.
  • "User Account" means the record in USER_ACCOUNT table.
  • "Person" means the record in PER_PERSON table.
  • "Employment" means the record in EMP_EMPLOYMENT_INFO table.
  • "Username of User Account" means the username column of USER_ACCOUNT table. This is the username that the customer should use to log in to BizX.
  • "Username of User" means the users_sys_username column of USERS_SYSINFO table.

 

User Account Decoupling is enabled

The default "Username of User Account" is the username of the first user of the person.

For example, if cgrant1 is the Username of the first "User" of the "Person", the username of user account will be cgrant1 by default.

USERS_SYSINFO

USERS_SYS_ID USERS_SYS_USERNAME USERS_SYS_VALID
cgrant1 cgrant1 active
cgrant2 cgrant2 active

USER_ACCOUNT

USERNAME STATUS
cgrant1 active

 

When the username, defaultLocale and loginMethod of the "Linked User" of the "Person" are updated, the corresponding fields in "User Account" will be updated as well. When a new "User" is added to the "Person", for the Global Assignment or Concurrent Employment scenario, the "Username of User Account" will not be updated.

For example, if this person's USERNAME in USER_ACCOUNT is cgrant2, cgrant2 is the "Linked User". If the username of cgrant2 is updated to cgrant2new, the "Username of User Account" will be updated to cgrant2new as well. If cgrant1's username is updated, the "Username of User Account" will not be updated, because cgrant1 is not the "Linked User". (Linked User: the user whose username in USERS_SYSINFO equals the username in USER_ACCOUNT.)


USERS_SYSINFO

USERS_SYS_ID USERS_SYS_USERNAME USERS_SYS_VALID
cgrant1 cgrant1 active
cgrant2 cgrant2new active

USER_ACCOUNT

USERNAME STATUS
cgrant2new active

If a new user cgrant3 is added to the same "Person", the "Username of User Account" will not be updated.

USERS_SYSINFO

USERS_SYS_ID USERS_SYS_USERNAME USERS_SYS_VALID
cgrant1 cgrant1 active
cgrant2 cgrant2 active
cgrant3 cgrant3 active

USER_ACCOUNT

USERNAME STATUS
cgrant1 active

If the "Person" has at least one active "User", the "User Account" status will be active. If the "Person" does not have any active "User", the "User Account" status will be inactive.
For example, if user cgrant1 is inactive and user cgrant2 is active, the "User Account" will be active.

USERS_SYSINFO

USERS_SYS_ID USERS_SYS_USERNAME USERS_SYS_VALID
cgrant1 cgrant1 inactive
cgrant2 cgrant2 active

USER_ACCOUNT

USERNAME STATUS
cgrant1 active

If both "User" cgrant1 and "User" cgrant2 are inactive, the "User Account" will be inactive.

USERS_SYSINFO

USERS_SYS_ID USERS_SYS_USERNAME USERS_SYS_VALID
cgrant1 cgrant1 inactive
cgrant2 cgrant2 inactive

USER_ACCOUNT

USERNAME STATUS
cgrant1 inactive

The End User should use the "Username of User Account" to log in. Though the End User might be able to use "Username of User" to log in, it is not officially supported and might be disabled in the future.

When the user logs in, the system will do the authentication based on user account first.

    1. If it succeeds, the system will check login permission and create a session with the main user of the person. The main user is determined as follows:
      1. If the "Global Assignment" feature is enabled and the person has a home employment, the system will use the home user as the main user. Otherwise the system will go to case 2.
      2. If the "Concurrent Employment" feature is enabled and the person has a primary employment, the system will use the primary employment user as the main user. Otherwise the system will go to case 3.
      3. If the "Log in with old user name in case of a rehire with a new employment" feature is enabled and the person has at least one active user, the system will use the first active user of the person as the main user. Otherwise the system will go to case 4.
      4. The system will use the user whose username is the same as the login username to check login permission and create the session.
      5. If the user has a redirect_login_to value, the system will create the session with the user stored in redirect_login_to.
    2. If it fails, the system will retry the authentication based on the user. If it succeeds, the system will check login permission and create a session with the user whose username is the same as the login username.
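The selection order above determines which user a session (and any audit trail tied to it) belongs to, which may differ from the name typed at login. The following Python model is an added illustration, not SAP code: the field names, the function names, the assumption that list order equals creation order, and the assumption that redirect_login_to applies to whichever user was selected are all hypothetical, and the login permission check is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class User:                      # one USERS_SYSINFO row (field names are hypothetical)
    username: str
    active: bool = True
    home: bool = False           # holds the person's home employment
    primary: bool = False        # holds the person's primary employment
    redirect_login_to: Optional[str] = None

def account_status(users):
    """The User Account is active while the person has at least one active user."""
    return "active" if any(u.active for u in users) else "inactive"

def session_user(users, login, account_auth_ok, user_auth_ok=False,
                 global_assignment=False, concurrent_employment=False,
                 rehire_old_username=False):
    """Return the username the session is created for, or None if login fails."""
    by_name = {u.username: u for u in users}
    chosen = None
    if account_auth_ok:
        if global_assignment:                              # case 1: home user
            chosen = next((u for u in users if u.home), None)
        if chosen is None and concurrent_employment:       # case 2: primary user
            chosen = next((u for u in users if u.primary), None)
        if chosen is None and rehire_old_username:         # case 3: first active user
            chosen = next((u for u in users if u.active), None)
        if chosen is None:                                 # case 4: same username
            chosen = by_name.get(login)
    elif user_auth_ok:                                     # fallback: user-based auth
        chosen = by_name.get(login)
    if chosen is None:
        return None
    # Case 5 (assumption: the redirect applies to the user selected above).
    return chosen.redirect_login_to or chosen.username

# Constructed sample person, modelled on the article's cgrant1/cgrant2 rows.
PERSON = [User("cgrant1", active=False),
          User("cgrant2", active=True, primary=True)]

if __name__ == "__main__":
    print(account_status(PERSON))
    print(session_user(PERSON, "cgrant1", True, concurrent_employment=True))
```
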

 

If User Account Decoupling is disabled [Currently it's not possible to disable decoupling, however this section is retained for purely educational purposes]

The "Username of User Account" is the same as the username of the first "User" of the "Person".

For example, if cgrant1 is the "Username" of the first "User" of the "Person", the "Username of User Account" will be cgrant1 by default as well.

USERS_SYSINFO

USERS_SYS_ID USERS_SYS_USERNAME USERS_SYS_VALID
cgrant1 cgrant1 active
cgrant2 cgrant2 active


USER_ACCOUNT

USERNAME STATUS
cgrant1 active

When the "Username", status, defaultLocale and loginMethod of this "User" are updated, the corresponding fields in "User Account" will be updated as well. If these fields are updated for the other "Users" of the same "Person", "User Account" will not be updated.

For example, if the username of cgrant1 is updated to cgrant1new, the username of user account will be updated to cgrant1new as well.

 

USERS_SYSINFO

USERS_SYS_ID USERS_SYS_USERNAME USERS_SYS_VALID
cgrant1 cgrant1new active
cgrant2 cgrant2 active
 

USER_ACCOUNT

USERNAME STATUS
cgrant1new active

 

If the status of cgrant1 is updated to inactive, the status of user account will be updated to inactive as well.

 

USERS_SYSINFO

USERS_SYS_ID USERS_SYS_USERNAME USERS_SYS_VALID
cgrant1 cgrant1 inactive
cgrant2 cgrant2 active


USER_ACCOUNT
USERNAME STATUS
cgrant1 inactive

   

If the username of cgrant2 is updated to cgrant2new, the username of user account will not be updated.

 

USERS_SYSINFO

USERS_SYS_ID USERS_SYS_USERNAME USERS_SYS_VALID
cgrant1 cgrant1 inactive
cgrant2 cgrant2new active

 

USER_ACCOUNT

USERNAME STATUS
cgrant1 active

 

  1. The customer should use the username of the user account to log in. Though the customer might be able to use the username of a user to log in, it is not officially supported and might be disabled in the future. When the user logs in, the system will do the authentication based on user account first.
    1. If it succeeds, the system will check login permission and create a session with the user whose username is the same as the login username.
    2. If it fails, the system will retry the authentication based on the user. If it succeeds, the system will check login permission and create a session with the user whose username is the same as the login username.
    3. If the user has a redirect_login_to value, the system will create the session with the user stored in redirect_login_to.
  2. If there is a data issue where the username of the user account is out of sync with the usernames of all users of the person, i.e. the username of the user account is different from the username of every user of the person, the user account can no longer be updated. There are two ways to fix this issue.
    1. If the username of the user account is correct, the customer can update the username of one user of the same person to the correct username by Employee Import or User Data API.
    2. If the username of one user of the person is correct, we need to update the username of the user account to the correct username manually by script.

For example, if the "Username of User Account" is cgrant1new, but the "Usernames of the User" of the same "Person" are cgrant1 and cgrant2, the system will need to update the "Username of User Account" to cgrant1 or update the "Username of User" cgrant1 to cgrant1new.

 

USERS_SYSINFO

USERS_SYS_ID USERS_SYS_USERNAME USERS_SYS_VALID
cgrant1 cgrant1 active
cgrant2 cgrant2 active

 

USER_ACCOUNT

USERNAME STATUS
cgrant1new active

 

How can I view the current "Username of User" and "Username of User Account"?

We recommend first using the Manage Login Accounts tool to view the current "Username of User" and "Username of User Account".

  • 2859043 - Q4 1911 - Manage Login Accounts tool

You can also check this information from "Resetting User Passwords":

  1. Go to Admin Center > Reset User Passwords or Reset User Account pages.
  2. Search for a "Person" by using their First/Last Name, or search by "Username".

For example, the User Name column on the following page is the username of the user, and the Log in Name column is the username of the user account.


See Also

  • 2859043 - Q4 1911 - Manage Login Accounts tool
  • 2495643 - SuccessFactors User IDs - Clarifying the Different IDs
  • 2493579 - Employee Central: Person/User IDs Used Within Employee Central

Keywords

PLA-6921, PLA-8665, Enable User Account Decoupling, login, SSO, username, user account, Employee Central, Global Assigment, Concurrent Employement, userID, manage login account, enable account decoupling, decouple account from user, decouple users, linked account, user login information, PLA-8665 , KBA , LOD-SF-PLT-SEL , SSO Errors & Logs , LOD-SF-EC , Employee Central , How To

Product

SAP SuccessFactors Employee Central all versions