Symptom
SSO has been enabled, but onbordees are unable to login to the system because it is asking for the company's domain email ID. Typically, SSO should not be applicable for onbordees.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors Onboarding
Reproducing the Issue
- The onboardee/external user receive the welcome email.
- The link in the email is redirecting to the SSO login page.
Cause
SSO login enabled in Provisioning
Resolution
The Partial Organization SSO should be enabled.
Only if this is enabled the external user will be able to login using standard username and password and the employees will be able to login using the SSO.
This setting should not be enabled if you have IAS enabled in the system.
Attaching screenshot for reference.
NOTE: If SAML V2: SAP Identity Authentication Integration
Select this Checkbox if this Assertion Party is Connected to SAP Identity Authentication, this switch is enabled in the provisioning, then the IAS is enabled in the instance. If this switch is disabled, then the instance uses custom IDP and partial SSO switch needs to be enabled.
Keywords
SSO Login , External user , Password , Onboarding , KBA , LOD-SF-OBX-ACC , Accessibility , Problem
Product
Attachments
PartialSSO.jpg |