3292449 - External Onboardees unable to login the system because it is redirecting to the SSO login Page - Onboarding

SSO has been enabled, but onbordees are unable to login to the system because it is asking for the company's domain email ID. Typically, SSO should not be applicable for onbordees.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

1. The onboardee/external user receive the welcome email.
2. The link in the email is redirecting to the SSO login page.

SSO login enabled in Provisioning

The Partial Organization SSO should be enabled.

Only if this is enabled, the external user will be able to log in using standard username and password and the employees will be able to login using the SSO.

This setting should not be enabled if you have IAS enabled in the system.

Attaching screenshot for reference.

NOTE: If SAML V2: SAP Identity Authentication Integration

Select this Checkbox if this Assertion Party is Connected to SAP Identity Authentication, this switch is enabled in the provisioning, then the IAS is enabled in the instance. If this switch is disabled, then the instance uses custom IDP and partial SSO switch needs to be enabled. 

SSO Login, External user, Password, Onboarding, onb, obx, unable, redirecting , KBA , LOD-SF-OBX-ACC , Accessibility , Problem