Users are accessing the instance through the SSO using the SP-Initiated login URL and are getting directed to the IdP login page for them to enter credentials and then authenticate.
SAP SuccessFactors HXM Suite
Reproducing the Issue
- Enter the SP-initiated login URL in the browser (example: https://performancemangerX.successfactors.com/login?company=XXXX or https://performancemangerX.successfactors.com/login?company=XXXX&loginMethod=SSO);
- User is redirected to the IdP login page;
- User enters IdP credentials > user is authenticated and then redirected to the SF Homepage.
The SF URL link calls the IdP provider which is why the IdP login page appears. After entering the credentials, the IdP provider validates and matches the user in SF. If they meet the criteria, it calls upon the authentication and directs you to the SF Homepage.
This is the expected behavior for SP-Initiated logins. You will need to enter your credentials into the IdP login page first before you can enter the SF Homepage.
Moreover, an active IdP session must be open for the SP-Initiated URL to directly log you into the SF instance.
To illustrate further, the process workflow is:
SP-initiated login URL in browser > IdP Login Page > Enter credentials > SF Home page
NOTE: If you want to bypass this, please check with your IdP provider on how to remove the IdP login page to directly log into the SF Homepage using the SP-initiated login URL.
For example, for ADFS, there is a certificate that needs to be uploaded. Hence, please reach out to your IdP provider on how to perform this.
SP initiated login URL, SSO, behavior, IdP login page, SF home page, Successfactors URL, credentials , KBA , LOD-SF-PLT-SAM , SAML SSO First Time Setup , Problem