What is Support Access and how do I give Support Access to the SuccessFactors Support team?
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
SAP SuccessFactors HXM Suite
What is Support Access?
Support Access is a secure way for you to provide an authorized technical support person (like SuccessFactors Customer Success) temporary access to a user account within your company in order to diagnose a problem or troubleshoot an issue. Using Support Access, no employee passwords or personal information are required or forwarded to the technical support person, making this a secure access point for your company.
When you call or log a case with Customer Support, and there is a need for the Customer Support Agent to log into your instance, you will enable Support Access for a specific username (preferably an admin account with full permissions) and provide just the username of that account to the agent so they can login to your instance.
- You need to set the expiration date for the support access by configuring the Date and Time in the Time-bound access column in Manage Support Access page.
- You have the ability to turn off Secure Access for that user when you have no more need for them to access your site.
- This provides you with a very high level of security and access control
How to Enable Secondary Login Feature in Your Instance
It is required that the feature "Enable Secondary Login" is turned on, in the instance for you to grant support access for a user.
This is done as follows:
Via Admin Center > Platform Feature Settings
1. Ensure that you have permissions to Platform Feature Settings. Please refer to KBA 2251324 - How to enable Platform Feature Settings for more details.
2. Navigate to Admin Center > Platform Feature Settings > Check 'Enable Secondary Login Feature'.
Once you have enabled "Enable Secondary Login Feature" using the instructions mentioned above, you will need to grant permissions to make "Manage Support Access" page available from Admin Center page.
Granting RBP (Role Based Permissions)
- Go to “Manage Permission Roles”
- Select the role the user belongs to > Select “Permissions”
- Click on “Manage Users”
- Check Manage Support Access
- Click Finished, then Save
Granting "Support Access" for a Specific User Account
SAP Note: make sure the General Permission: "search users" is granted to the user using the "manage support access" feature else the user will be able to access the manage support access but not search for users to grant access to.
- Go to Admin Center
- In the Tool Search or Search Tools box, type Manage Support Access
- It's recommend you enable a user account with full administrative permissions to allow support staff to investigate the issue thoroughly without hindrance
- If the account used is restricted in scope and permission, it is possible you will be requested to provide additional information such as screenshots or replication steps, or data files, and any other content that they might be unable to view due to the restrictions of the account
- Not having administrator permissions is likely to result in slower resolve time as well as your active participation in providing additional information
- It is suggested you change the username and/or make sure username is complex
- Avoid using common usernames like admin, adminsf, sfadmin, csadmin, admincs etc.
- Always ensure Time Bound Access expires on a date that is set in the future
- If it is set on a past date, your support engineer will be unable to log in with it
- Conversely, we also advise against setting it for longer than needed by Product Support
- Support access usernames are case sensitive
- To minimize back-and-forth with Product Support, be sure to provide your support engineer with the exact spelling and capitalization of your support access username
The Support Access application has double-layered security, meaning SucessFactors Support Staff must first log into a secure interface before logging into any instance. Each agent providing support first logs into this interface a unique username and password. Only then will they be able to select an instance and log into it using the username provided
- For security reasons, Support access information should not be provided in the text area of incidents. Instead it should be added to the Logon Depot area
- Refer to section 1A of KBA 1773689 – How to add log on credentials securely to an incident in order to add your support access username to the Logon Depot
sf, success factors, username, passwordless, support, access, grant, staff, how, enable, account, permission , KBA , support access , sf platform , LOD-SF-PLT , Platform Foundational Capabilities , How To