Symptom
- Is it possible to add a custom field apart from username to authenticate the SAML SSO?
- Is it possible to use a different field than username to authenticate the SAML SSO?
Environment
SAP SuccessFactors HXM Suite
Resolution
This is possible by using custom columns in the User Data File (UDF). Please find below the steps to enable this.
- As a first step, identify the column (custom field) that you would like to send as part of the Assertion;
- Identify the custom column which will be used to update the related info (CUSTOM01 to CUSTOM15);
- Update the identified custom column with the unique value for each employee. This action is very important, because if two users have the same value in this column they will be unable to log in;
- Add the custom column header name in the SSO Configurations Page. The field name to be updated with the custom column name is "SAML User Column";
- This overrides the default Username field authentication: the system will look up the column mentioned and authenticate the corresponding user against its value.
We don't recommend this customization since we are not able to see in our logs if this custom field is unique to each user.
**Note:** This only works with CUSTOM01 to CUSTOM15 standard elements from the UDF or the default setting for Username. It will not work with other values from the UDF.
The custom column used must be entered in the SAML User Column of the SSO asserting party in all uppercase. For example, if using custom02, it must be added in Provisioning under the asserting party > SAML User Column as CUSTOM02.
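Because duplicate values in the chosen column block login and are not visible in the vendor's logs, a pre-check of the UDF before changing "SAML User Column" is useful. The following is an added example, not SAP code: it assumes a CSV export whose first row holds the column identifiers, and the `USERID` and `STATUS` columns, the function name and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Only CUSTOM01..CUSTOM15, written in uppercase, are valid for SAML User Column.
ALLOWED = re.compile(r"^CUSTOM(0[1-9]|1[0-5])$")

def check_saml_user_column(udf_csv, column, id_column="USERID", label_rows=0):
    """Report blank and duplicate values in `column` of a UDF CSV export."""
    if not ALLOWED.match(column):
        raise ValueError(f"{column!r} is not one of CUSTOM01..CUSTOM15 in uppercase")
    reader = csv.reader(io.StringIO(udf_csv))
    header = [h.strip() for h in next(reader)]
    for _ in range(label_rows):           # skip descriptive label rows, if any
        next(reader, None)
    if column not in header or id_column not in header:
        raise ValueError(f"UDF must contain {id_column} and {column}")
    col, uid = header.index(column), header.index(id_column)
    seen, blank = defaultdict(list), []
    for row in reader:
        if not any(cell.strip() for cell in row):
            continue                       # ignore empty lines
        value = row[col].strip() if col < len(row) else ""
        user = row[uid].strip() if uid < len(row) else ""
        if not value:
            blank.append(user)             # no value to match an assertion against
        else:
            # Conservative assumption: values differing only by case collide.
            seen[value.casefold()].append(user)
    duplicates = {v: users for v, users in seen.items() if len(users) > 1}
    return {"blank": blank, "duplicates": duplicates}

# Constructed sample data, not a real export.
SAMPLE_UDF = """STATUS,USERID,USERNAME,CUSTOM02
active,1001,asmith,E-1001
active,1002,bjones,E-1002
active,1003,cwu,e-1001
active,1004,dlee,
"""

if __name__ == "__main__":
    report = check_saml_user_column(SAMPLE_UDF, "CUSTOM02")
    print("blank:", report["blank"])
    print("duplicates:", report["duplicates"])
```

Run it against every UDF import before it is loaded; an empty report for both keys is the condition for switching the column.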
Keywords
SSO SAML 2.0, custom field, attribute, additional attribute, KBA, LOD-SF-PLT-SSO, Single Sign-on, How To