Azure ActiveDirectory integration with SuccessFactors
- BizX Platform
SAP Note: Please see the attachment to view the images.
The objective of this tutorial is to show the integration of Azure and SuccessFactors in SP initiated single sign-on mode.
The scenario outlined in this tutorial assumes that you already have the following items:
- A valid Azure subscription
- A SuccessFactors single sign-on enabled subscription in SP initiated mode
After completing this tutorial, the Azure AD users you have assigned to SuccessFactors will be able to single sign into the application at your SuccessFactors company site (service provider initiated sign on), or using the Introduction to the Access Panel.
The scenario outlined in this tutorial consists of the following building blocks:
- Enabling the application integration for SuccessFactors
- Configuring single sign-on
- Configuring user provisioning
- Assigning users
The objective of this section is to outline how to enable the application integration for SuccessFactors.
In the Azure classic portal, on the left navigation pane, click Active Directory.
From the Directory list, select the directory for which you want to enable directory integration.
To open the applications view, in the directory view, click Applications in the top menu.
Click Add at the bottom of the page.
On the What do you want to do dialog, click Add an application from the gallery.
In the search box, type SuccessFactors.
In the results pane, select SuccessFactors, and then click Complete to add the application.
The objective of this section is to outline how to enable users to authenticate to SuccessFactors with their account in Azure AD using federation based on the SAML protocol.
To get single sign-on configured, you will have to contact your SuccessFactors support team.
In the Azure classic portal, on the SuccessFactors application integration page, click Configure single sign-on to open the Configure Single Sign On dialog.
On the How would you like users to sign on to SuccessFactors page, select Microsoft Azure AD Single Sign-On, and then click Next.
On the Configure App URL page, perform the following steps, and then click Next.
- In the SuccessFactors Sign On URL textbox, type your URL used by your users to sign on to your SuccessFactors application (e.g.: "https://performancemanager4.successfactors.com/sf/home?company=CompanyName&loginMethod=SSO").
In the SuccessFactors Reply URL textbox, typehttps://performancemanager4.successfactors.com/saml2/SAMLAssertionConsumer?company=CompanyName.
On the Configure single sign-on at SuccessFactors page, to download your certificate, click Download certificate, and then save the certificate file on your computer.
To get SAML based single sign-on configured, contact your SuccessFactors support team and provide them with the following items:
- Metadata File from Customers Idp
- Please specify if you would like to use SP initiated login or Idp initiated login
- Is the customers Idp intending on signing the Response, the Assertion or Both
In most cases, this is all the information we need to configure SSO on our end.
Please ask your SuccessFactors support team to set the NameId Format parameter to "Unspecified".
Your Successfactors support team will send you the correct Successfactors Reply URL you need for the Configure App URL dialog.
On the Azure classic portal, select the single sign-on configuration confirmation, and then click Complete to close the Configure Single Sign On dialog.
In order to enable Azure AD users to log into SuccessFactors, they must be provisioned into SuccessFactors.
In the case of SuccessFactors, provisioning is a manual task.
To get users created in SuccessFactors, you need to contact the SuccessFactors’ support team.
To test your configuration, you need to grant the Azure AD users you want to allow using your application access to it by assigning them.
In the Azure classic portal, create a test account.
On the SuccessFactors application integration page, click Assign users.
Select your test user, click Assign, and then click Yes to confirm your assignment.
If you want to test your single sign-on settings, open the Access Panel. For more details about the Access Panel, see Introduction to the Access Panel.
Microsoft Forum URL for the same:
Azure ActiveDirectory integration with SuccessFactors Tutorial Microsoft SSO , KBA , LOD-SF-PLT-SSO , Single Sign-on , How To