2505553 - Basic authentication is not working in a SSO enabled instance - SuccessFactors

• You are trying to do API calls (SFAPI/OData) providing the API user credentials (Basic Authentication) but is receiving Unauthorized (401) error.
• Your SuccessFactors (SF) instance is Single Sign On (SSO) enabled without the IAS/IPS feature;

SAP SuccessFactors HXM Suite

1. Enable SSO in your SF instance;
2. Try to do some API call;

In a API call where the API user has SSO as login method the SF system credentials are not validated.

The API user's login method needs to be PWD (Basic Authentication).

One possible solution is to enable the Partial SSO feature. The Partial Organization SSO (Single Sign On) feature allows an organization to specify some users authenticate (login) through SSO while others authenticate through the username/password login page (IMPORTANT: SSO in Provisioning is not an option for IAS-enabled instances)

This feature is opt-in and is enabled by Customer Support or Partners. Refer to the KBA 2088837 to see how to implement it.

Alternatively:

• Via API, you can try to upsert the field <password> in the User entity for the API user;
• OR create new user with PWD and password through import (Admin center > Import Employee Data);

Note: 

1.When SF instance is SSO enabled, the Basic Authentication should be used only by users who need administrative access for system-to-system data integration.

2.The SSO enablement only impacts UI-based login and does not affect Basic Authentication for APIs. API users can continue accessing APIs using their BizX username and password credentials.

KBA 2088837 - [SSO] Partial Organization Single Sign-On - BizX Platform

KBA 2693822 - Error message '401: Unauthorized'

auth, validation, authorization, not, allow, allowed, cannot, be used, API, user, call, login method, pwd , KBA , LOD-SF-INT-API , API & Adhoc API Framework , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , Problem