/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
-
We are not able to click/access links within E-mail Notifications
-
Links in notifications received via email prompt user to enter credentials (username and password)
- Unable to access links in emails
- Emails are not working
- Dynamic deep links are not working
Environment
- SAP SuccessFactors HCM Suite
- SAP SuccessFactors Learning
Reproducing the Issue
- The user is not logged into SuccessFactors
- The user clicks on a link within email notification received from SuccessFactors - Example: Document Creation Notification.
- Instead of directing the user to the destination Page, the links would be taken either to the SuccessFactors login page or another page different from the expected page the link in the email was supposed to redirect
Cause
This happens when the SuccessFactors instance is set up with SSO and the user is not logged into SF (or authenticated at the IDP).
Due to the SuccessFactors application sends out automated email notifications for form creations, updates, and other events. These emails normally contain links that allow the user to login to the form directly without landing on the Home page first. Since SSO requires the user to login using the customer created SSO login process, these deep links don't work and therefore end user are directed to an unexpected page.
Resolution
We Support Two options for dealing with email links while on SSO - Dynamic Deep links:
- 1️⃣ Standard Emails with IDP Redirect or SP
If the Corporate IdP to IAS connection is set up for IdP initiated logon, SF login via deeplinks will not work because that is equivalent to SP initiated logon. In this situation, the options will be-> - Use only IdP initiated login for SF, without using any deeplinks.
Or, - Switch the Corporate IdP - IAS connection to support SP Initiated login, instead of IdP initiated.
Or, - If the Corporate IdP provides the option, maintain both SP-initiated and IdP initiated assertion endpoints so both kinds of login can be simultaneously supported.
Note: Whether this can be done is solely up to the Corporate IdP and it's available feature set. It cannot be dictated from the SuccessFactors or IAS end.
- 2️⃣ Modify Emails to point to generic SSO logins URLs
With this option form links in emails should be replaced with the generic link to the customers SSO login process. The system administrator for your SuccessFactors application should change all email links that look like below to something appropriate for their specific SSO setup, such as:
- Example 1: You can access this document at the following URL: [[DOC_ACCESS_URL]]
- OR, Example 2: You can access the PerformanceManager at the following URL: [[LOGIN_URL]]
⚠️ Side Note: If you are facing issues with Learning Management System (LMS) email notification links, please refer for the following articles:
See Also
Support please view internal memos for additional information.
Keywords
SSO, stands, Single Sign On, IDP, Identity, Provider, deeplinking, deeplink, “Deeplink IDP Login redirect", SuccessFactors, Deep Link, SAML , KBA , sf platform , sf email , LOD-SF-PLT-SEL , SSO Errors & Logs , LOD-SF-PLT , Platform Foundational Capabilities , Problem
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)