SAP Knowledge Base Article - Public

2674232 - Configuring SSO between IAS Tenant and BizX Instance - BizX Platform

Symptom

 How to configure SSO between IAS Tenant and BizX Instance

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

 SuccessFactors BizX Platform

Resolution

SAML Communication.png

Initial Steps:

  • Support creates and attaches metadata file of customers BizX Instance to incident for configuration on IAS side.
  • Get IAS metadata file from customer for configuration on BizX Provisioning side.

IAS Configuration:

IAS Configuration.png

  • Support Engineer needs to configure / troubleshoot through a screenshare session as the customer has the access to their IAS tenant.
  • Applications > +Add > Name your Custom Application > click on SAML 2.0 Configuration to enter metadata file from BizX

IAS Configuration2.png

  • Browse to your saved metadata file and import
  • It will auto-populate the required fields highlighted in the screenshot across
  • These fields include the Identifier, ACS (Reply) URL, Signing Certificate and the Secure Hash Algorithm
  • With IAS, we can now leverage SHA-256 whereas before, we were limited to SHA-1
  • SHA-256 offers improved security and is one of the main drives behind moving to IAS



Retrieving IAS metadata file for BizX configuration:

Retrieving IAS metadata file for BizX configuration.png

  • Tenant Settings > SAML 2.0 Configuration > Download Metadata file

BizX Configuration: IDP-Initiated Login (Bizx Config done by Support / Partner who has access to Provisioning)

BizX config1.png

  • Asserting Party Name can be anything. IAS_COMPANYID for example
  • Issuer from IAS metadata
  • Certificate from IAS metadata
  • The Idp is signing the Assertion so we set to ‘Assertion’
  • Enable SAML Flag always set to ‘Enabled’
  • Enforce the Signing certificate expiry set to ‘Yes’

BizX Configuration: SP-Initiated Login

BizX config2.png

  • Same as IDP-Initiated Login covered above but with the added configuration of the SP-Initiated areas as shown
  • Search IAS metadata file for the SingleSignOn and SingleLogout URL’s

Keywords

 IAS, IAS Tenant, SSO, SSO Integration between IAS Tenant and BizX , KBA , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-PLT-SEL , SSO Errors & Logs , LOD-SF-PLT-SAM , SAML SSO First Time Setup , How To

Product

SAP SuccessFactors HCM Suite all versions