How to configure SSO between IAS Tenant and BizX Instance
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
SuccessFactors BizX Platform
- Support creates and attaches metadata file of customers BizX Instance to incident for configuration on IAS side.
- Get IAS metadata file from customer for configuration on BizX Provisioning side.
Support Engineer needs to configure / troubleshoot through a screenshare session as the customer has the access to their IAS tenant.
- Applications > +Add > Name your Custom Application > click on SAML 2.0 Configuration to enter metadata file from BizX
- Browse to your saved metadata file and import
- It will auto-populate the required fields highlighted in the screenshot across
- These fields include the Identifier, ACS (Reply) URL, Signing Certificate and the Secure Hash Algorithm
- With IAS, we can now leverage SHA-256 whereas before, we were limited to SHA-1
- SHA-256 offers improved security and is one of the main drives behind moving to IAS
Retrieving IAS metadata file for BizX configuration:
- Tenant Settings > SAML 2.0 Configuration > Download Metadata file
BizX Configuration: IDP-Initiated Login (Bizx Config done by Support / Partner who has access to Provisioning)
- Asserting Party Name can be anything. IAS_COMPANYID for example
- Issuer from IAS metadata
- Certificate from IAS metadata
- The Idp is signing the Assertion so we set to ‘Assertion’
- Enable SAML Flag always set to ‘Enabled’
- Enforce the Signing certificate expiry set to ‘Yes’
BizX Configuration: SP-Initiated Login
- Same as IDP-Initiated Login covered above but with the added configuration of the SP-Initiated areas as shown
- Search IAS metadata file for the SingleSignOn and SingleLogout URL’s
IAS, IAS Tenant, SSO, SSO Integration between IAS Tenant and BizX , KBA , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-PLT-SEL , SSO Errors & Logs , LOD-SF-PLT-SAM , SAML SSO First Time Setup , How To