Symptom
This article covers implementing Partial Organization Single Sign On.
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Environment
SAP SuccessFactors HXM Suite
Reproducing the Issue
Cause
Resolution
Implementation main steps:
The main steps for Implementing Partial Organization Single Sign On are:
- Enabling the loginMethod standard element in the Succession Data Model, and making it visible in the User data File (Employee Export)
- Enabling the Partial Organization feature in Provisioning
- Configuring the loginMethod to PWD for users that will be logging using the username & password instead of SSO.
Note: Steps 2 and 3 are interchangeable. As soon as Step 1 has been completed you will be able to setup the loginMethod even if Partial Organization SSO is not yet turned on.
Step 1: Enabling the loginMethod standard element
You can configure loginMethod following the below steps:
- From Admin Center > Manage Business Configuration (BCUI)
- Expand Employee Profile
- Expand Standard
- Find the loginMethod field and enable it
To include the field, you need to follow the below steps:
- Go to Manage Business Configuration > Employee Profile
- Expand "View Template"
- Open sysUserDirectorySetting
- From that page, select Take Action > Make Correction
- Then for both sysVisibleUserDirectorySetting and sysAllUserDirectorySetting, open the Details link
- Add loginMethod as a Standard Element
For more details on how to work on BCUI, please review the KBA 2801085 - How to Work With the Manage Business Configuration (BCUI) feature in SuccessFactors - SAP for Me
Step 2: Grant RBP (Role Base Permission) for loginMethod field.
- Go to "Admin Center" > "Manage Permission Roles";
- Select the role for which you want to grant the permissions;
- Select the "Employee Data" tab, in the "User Permissions" section;
- Select permissions for the Login Method field;
- Click Save Changes.
- Logout from the system and login back again
Step 3: Enabling the Partial Organization feature in Provisioning
Enable the "Partial Organization SSO" feature in the provisioning tool under Single Sign-On (SSO) Settings.
Step 4: Configuring the loginMethod for users
Now you can set the loginMethod for the user by setting values in the "loginMethod" field.
- Export the UDF file via Admin Center -> Employee Export (see KBA 2087479)
- Click on Export User File
- Open the Employee export file
- Modify the users Login_Method you wish to change
- Change a users Login_Method from either SSO to Blank or from PWD to Blank
- Import the file via Admin Center -> Import Employee Data (see KBA 2087479)
- Verify the import was successful
- Check if the changes made were applied in the application
You can download the employee import template from Admin tools as the new column should also be displayed there.
Note: It is expected that customers set this value through the Employee Import file, most likely as an automated FTP process.
See Also
Keywords
Data model, Partial Single Sign On, configurations, provisioning, xml, login method, PWD, SSO, partner, consultant, bcui, manage business configuration , KBA , LOD-SF-PLT-SAM , SAML SSO First Time Setup , Problem