Symptom
How to change the redirect URLs for Single Sign On?
Environment
- SAP SuccessFactors HXM Suite
- SAP Cloud Platform Identity Authentication Service
Resolution
When you enable Single Sign On on your instance, you have 5 scenarios where you can set a redirect URL:
- When users do logout
- When there is a session timeout
- When there is an invalid login
- When missing credentials
- When there is an invalid manager
These settings are done in Provisioning, in the Single Sign On page. The default value of this redirections is null. SAP has a list with all the default pages that our customers can use, in case you don't have any particular page to set for this. You can check all these URLs for each DC in this KBA: Default Redirect URLs for Single Sign On.
To change these redirect URL:
- If the instance has IAS enabled and a Corporate IdP is connected to IAS (which will be acting as Proxy IdP) for login:
You can access the Manage SAML SSO Settings in "Admin Center" > "Tools" > "SAML 2.0 Single Sign On" and change the URL as described on the "Configure the URL redirect links" section of KBA 2569087. If the Corporate IdP entry is already created in that screen, just edit and input the redirect URLs as needed.
Note: If you do not have access to Manage SAML SSO Settings, check with your SuccessFactors Administrator to provide you with the permission to the feature as referred on KBA 2674588
- If the instance has IAS enabled and IAS itself is being used as the IdP for login:
There are two options to update the redirect URLs -
- You can go to "Admin Center" > "Tools" > "SAML 2.0 Single Sign On" > Set Non SAML redirect Links: > Redirect URL when session timeout: Enter the redirect URL when the session times out and the user select the login option.
- The Redirect URLs can also be set in Provisioning -> Single Sign-On (SSO) Settings. Considering that only Support and Implementation Partners have access to Provisioning, to change these URLs you need to contact your partner or create an case to Support (under component LOD-SF-PLT-SAM)
- If the instance does not have IAS enabled and is directly connected to any Corporate IdP (via Provisioning) for login:
The Redirect URLs will need to be set in Provisioning -> Single Sign-On (SSO) Settings.
Considering that only Support and Implementation Partners have access to Provisioning, to change these URLs you need to contact your partner or create an case to Support (under component LOD-SF-PLT-SAM)
See Also
2278269 - [SSO] Default Redirect URLs for Single Sign On
Keywords
Redirect URL, SSO, Single Sign On, URL, Logout, Session Timeout, Invalid Login, Missing Credentials, Invalid Manager , KBA , LOD-SF-PLT-SAM , SAML SSO First Time Setup , LOD-SF-PLT-IAS , Identity Authentication Services (IAS) With BizX , How To