2524768 - Restrict Concurrent BizX Sessions

• What does the feature Restrict Concurrent BizX Sessions refer to?
• How do we activate this feature?
• Why has this feature been introduced? Is it available for all countries?
• Does the feature apply to all types of login methods?
• Does this feature apply to mobile devices?
• Will this feature apply to different browsers?
• Can you give some examples of how this feature will work

** Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental **

SAP SuccessFactors HXM Suite

BizX allows multiple concurrent sessions for a single user account. With this change, we are restricting multiple sessions and will prompt a user to logout of other sessions before starting a new session

• For SAML2 user, the system will redirect to invalid login url when failed to login (this is the URL enter under Single Sign-On (SSO) Settings -> "Please enter the URL for Invalid Login URL redirect:" in provisioning)
• For PWD user, the system will redirect to message page with below error message:

"We found another active session for you and cannot log you in again. Please logout of
the existing session or try logging in after 30 minutes".

• This feature is available to activate since b1708 release.
• To enable this feature you will need to be a certified partner with provisioning access or contact customer support to enable the feature on Provisioning > Company Settings > Disallow concurrent login session
• Multiple concurrent sessions for one user could be a potential security flaw. Once activated for your instance, this feature will apply to all users regardless of the country they live in.
• Restrict Concurrent BizX Sessions only applies to web sessions. To understand how do Concurrent Session feature works on mobile devices, please refer to KBA 2939005.
• Concurrent sessions will not be allowed using different browsers when the feature is activated. So for example if a user has an open session using Internet Explorer, they will not be able to login to another session using Chrome until they have logged out of the initial session.

How the feature will work in 3 scenarios:

• User A logs into SuccessFactors + takes no action. For the 30 minutes while this session is active even though the user is not taking any action, User A cannot login to another session in any browser. After 30 minutes has elapsed, User A will be automatically logged out and can then login using another browser. Note: If the user closes out the browser application, he will need to wait 30 mins. (default BizX session timeout) to be able to access SuccessFactors instance again.
• User B logs into SuccessFactors + takes action for the first 15 minutes but does not logout. For the next 30 minutes User B performs no action but the session remains active, User B cannot login to another session in any browser. After 45 minutes from the initial login, user B will be automatically logged out and can then login using another browser. 
• User C logs into SuccessFactors + takes action. User C cannot login using another browser. User C logs out from the open session. User C can then login using another browser.

Please NOTE: SuccessFactors HXM suite (BizX) has a hard default setting of 30 minutes timeout of no activity, see KBA 2088893.If you would like to suggest any improvements or additional functionality in relation to this feature please review KBA 2090228 and follow the enhancement process.

2939005

2090228

2088893

Restrict Concurrent BizX Sessions, multiple sessions, Disallow concurrent login session, concurrent login, Disallow concurrent login session , KBA , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-SEC , Security Reports , Problem