2395483 - How does SF system identify user type with partial SSO setup

SAP Knowledge Base Articles - public

2395483 - How does SF system identify user type with partial SSO setup


Some company is using the partial organization SSO (Single Sign On) feature which allows an organization to specify some users authenticate (login) through SSO while others authenticate through the username/password standard login page.

However sometimes user may get wrong redirection when they try to access SF BizX via clicking direct login URL. A PWD user may be redirected to SSO login page, or a SSO user is redirected to PWD login page, which caused user confusion.

This article explains the logic and priority how system identifies the user type and redirection page basing on parameters and settings in partial SSO scenario.


BizX all version

Reproducing the Issue

Access SF BizX via direct login URL.




Here is details of logic priority for direct login URL under partial SSO:


1. The system will check loginMethod from URL request at first, see if there's "loginMethod" parameter defined in the login URL directly. (loginMethod=SSO,loginMethod=PWD)

http://performancemanagerX.successfactors.com/login?company=COMPANYID&loginMethod=PWD → Redirect to standard BizX login page

http://performancemanagerX.successfactors.com/login?company=COMPANYID&loginMethod=SSO → Redirect to SSO login page

Generally, if Partial Organization SSO is enabled for a company, then the special URL as below is usually provided for PWD users to access the Company Login Page.



2. If there is no username in the request, the system will check whether "loginMethodCookieKey" cookie is already saved in your browser.  


loginMethodCookieKey=PWD → Redirect to standard BizX login page

loginMethodCookieKey=SSO → Redirect to SSO login page



3. If there is username included in the request, the system will check login_method for that user from database basing on username. (login_method=SSO,login_method=PWD)


login_method for TESTUSER=PWD → Redirect to standard BizX login page

login_method for TESTUSER=SSO → Redirect to SSO login page



For SSO and PWD user login, the cookie loginMethodCookieKey will be set as permanent once login successfully.

In some rare case where "PWD user login then switch to SSO user or SSO user switch to PWD user" or "PWD user and SSO user share the same computer", please clear the browser cookie manually everytime before login to get to be redirected to the correct login page.




partial SSO,logic,loginMethod,loginMethodCookieKey,login_method,PWD,SSO , KBA , LOD-SF-PLT , Foundational Capabilities & Tools , How To


SAP SuccessFactors HCM Core all versions