/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
You have some of your business users which don't use SSO set to Security Policy S_BUSINESS_USER and others with S_BUSINESS_USER_WITHOUT_PASSWORD which are using SSO.
However the users which have S_BUSINESS_USER policy are also able to log using SSO if they add the tag "-sso" to the application URL (e.g. https://myXXXXXX-sso.crm.ondemand.com / https://myXXXXXX.sapbydesign.com).
Environment
- SAP Cloud For Customer
- SAP Business ByDesign
Reproducing the Issue
- Go to Administration (C4C) or Application and User Management (ByD).
- Go to Business Users.
- Enter any business user.
- Click to Edit.
- In Security Policy field select policy S_BUSINESS_USER.
- Save the user.
- Log off the system.
- Attempt to log with the user using the tag "-sso" in the URL.
- User will be able to login.
Cause
None of the available policies disables the SSO for any user. The S_BUSINESS_USER_WITHOUT_PASSWORD policy can be used when you want only SSO to be used for an user, but vice versa is not possible.
Resolution
This is the standard behavior of the system.
If you need this functionality urgently you may contact your implementation manager to help with such request or approach directly the SAP Cloud Service Center.
You can find more details about the services offered by Cloud Service Center . You can contact Cloud Service Center as follows:
- If you are a partner: please use cloudsolutionpartner@sap.com or the Partnerfinder
- If you are a customer: please use the little blue box “Contact Us” shown on the very right hand side of SAP Application Development site , choose “Contact Us”, choose “Services”, choose “SAP Custom Development” and complete the page.
Note: The services of the SAP Cloud Service Center will be charged as packaged services based on fixed prices.
An alternative option may be to check the SAP Customer Influencer Site to submit an idea.
Keywords
SSO; Policies; Security; Logon; , KBA , SRD-CC-SEC , Security , How To