SAP Knowledge Base Article - Public

2210203 - Is there a way to make use of Other columns in User data file apart from Username to authenticate SSO requests

Symptom

  • Is it possible to add a custom field apart from username to authenticate the SAML SSO?
  • Is it possibel to user a different field than username to authenticate the SAML SSO? 

Environment

SAP SuccessFactors HXM Suite

Resolution

This is possible by using custom columns in User Data File (UDF). Please find below the steps to enable this.

  1. As a first step, identify the column (custom field) that you would like to send as part of the Assertion;
  2. Identify the custom column which will be used to update the related info (CUSTOM01 to CUSTOM15);
  3. Update the identified custom column with the unique value for each employee. This action is very important, because if two users have the same value in this column they will be unable to login;
  4. Add the custom column header name in the SSO Configurations Page. The field name to be updated with cusotm column name is  "SAML User Column";
  5. This will overwrite the default Username field Authentication and System will look for the column mentioned and starts authenticating the value for the corresponding user authentication;

We don't recommend this customization since we are not able to see in our logs if this custom field is unique to each user.

**Note: This only works with CUSTOM01 to CUSTOM15 standard elemts from the UDF or the default setting for Username. It will not work with other values from the UDF.

The custom column used must be added to the SAML USER Column in the SSO asserting party in all uppercase - example: If using custom02 it must be added to Provisioning to the asserting party > SAML User Column as CUSTOM02

Keywords

SSO SAML 2.0, custom field, attribute, additional attribute , KBA , LOD-SF-PLT-SSO , Single Sign-on , How To

Product

SAP SuccessFactors HCM Suite all versions