- How do I setup SP Initiated Login
- What settings do I need in Provisioning
- What are the best practices for SP Initiated Login settings
- Bizx Platform
In order to setup SP Initiated login, we need to know values for:
- Default Issuer :
If you have more than one asserting party, which asserting party will be the default for SP-Initiated ? (only one can be set here)
- single sign on redirect service location (to be provided by IdP)
Which URL to send the SP Authentication request to.
Typically this is provided by the IdP. It could be in the metadata file provided already (under SingleLogoutService section)
- Send request as Company-Wide issuer
What EntityID to send in the authentication request. This needs to match the setup on the customer end. Setting value to No sends the generic value for the datacentre, and Yes sends the value with the company ID.
For example, if they setup their system to recognize the SP using “www.successfactors.com” then our authentication request SAML message needs to contain the same value, so we set it to No.
If we want to send “www.successfactors.com/CompanyID” then we set it to Yes.
SP Signing certificate needs to be used from Success Factors, otherwise the IDP system might reject the SP initiated login request
- Service Provider
- Identity Provider
- Single Sign On
SAP SuccessFactors HCM Core all versions