SAP Knowledge Base Article - Public

2505553 - Basic authentication is not working in a SSO enabled instance - SuccessFactors


  • You are trying to do API calls (SFAPI/OData) providing the API user credentials (Basic Authentication) but is receiving Unauthorized (401) error.
  • Your SuccessFactors (SF) instance is Single Sign On (SSO) enabled without the IAS/IPS feature;


SAP SuccessFactors HXM Suite

Reproducing the Issue

  1. Enable SSO in your SF instance;
  2. Try to do some API call;


In a API call where the API user has SSO as login method the SF system credentials are not validated.


The API user's login method needs to be PWD (Basic Authentication).

One possible solution is to enable the Partial SSO feature. The Partial Organization SSO (Single Sign On) feature allows an organization to specify some users authenticate (login) through SSO while others authenticate through the username/password login page.

This feature is opt-in and is enabled by Customer Support or Partners. Refer to the KBA 2088837 to see how to implement it.


  • Via API, you can try to upsert the field <password> in the User entity for the API user;
  • OR create new user with PWD and password through import (Admin center > Import Employee Data);

Note: When SF instance is SSO enabled, the Basic Authentication should be used only by users who need administrative access for system-to-system data integration.

See Also

KBA 2088837 - [SSO] Partial Organization Single Sign-On - BizX Platform

KBA 2693822 - Error message '401: Unauthorized'


auth, validation, authorization, not, allow, allowed, cannot, be used, API, user, call, login method, pwd , KBA , LOD-SF-INT-API , API & Adhoc API Framework , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , Problem


SAP SuccessFactors HCM Core all versions