/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- Which 3rd party platforms are supported for Outbound SSO requests?
- You want SuccessFactors to act as the identity provider for a 3rd party environment;
- Considerations for a Outbound SSO to 3rd party scenario where connection is initiated through a link in SuccessFactors;
- What falls under support scope and what warrants a Professional Services or Consultant Engagement.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors HCM Suite
Resolution
Currently, there are some prerequisites and parameters that will define how the Outbound SSO configurations from SuccessFactors to 3rd Party Solutions will be conducted.
Please check the below considerations regarding this SSO Implementation scenario:
Support will be able to provide assistance on the request if:
- The customer 3rd party has a proven track record of having enabled this before with SuccessFactors HXM Suite, and;
- The customer 3rd party SSO expert contact is engaged and available to assist with the 3rd party configurations.
Current limitations:
- The 3rd party has to be able to support what BizX offers in terms of features.
- Anything outside of the supported features we have no capability to change and this will mean the end of engagement from support side without exceptions.
- We recommend 3rd party applications to use SAP Cloud Identity Services – Identity Authentication (IAS) for authentication -> If the 3rd party application can support SSO with IAS as IDP, we would recommend to integrate with IAS as IDP instead of using SF as IDP .SF as IDP is currently on maintenance mode, with no plan for future enhancements, and is under evaluation for deprecation in the future.
The KBA 2149831 brings further guidance on how to contact them and request further assistance on implementations.
Partners: please review document attached.
Support Team: please see internal memo.
Notes :
1) When SAP SuccessFactors Identity Provider is configured for member login using SSO to Benefitfocus Solution Extension, it uses a special identifier “BFSSOIdentifier” which is a combination of Employee’s Date of Birth and Social Security Number.
For more details please refer KBA: https://me.sap.com/notes/3428085
2) With SF as IDP, the NameID is always set to userid, and SF will always return person guid in SAML response for all downstream module .For a sample SAML response and attributes included, please refer to the example below
(You can verify the Person GUID in SF via data inspector table (Table_PER_PERSON) -Admin Center-> Data inspector table -> Filter the criteria for Users Sys ID = User ID and the result table shows Person GUI table)
See Also
- 2149831 - Contacting Professional Services, Partner and Account Management Team - SuccessFactors Cloud.
Keywords
SuccessFactors SSO, Outbound SSO, Outbound, 3rd party, 3rd party outbound, IDP, Professional Services , KBA , LOD-SF-PLT-OBD , Outbound SSO , LOD-SF-PLT-SSO , Single Sign-on , Problem
Product
Attachments
| SuccessFactors+SSO+to+3rd+Party+Vendors.docx |
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)