/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- When user is using proxy SSO: Users can't login SF by SSO when they click the link in SF Email notification but can login SF by SSO when they use the SF login link.
- See error message : "Sorry, but you are currently not authorized to access"
Environment
SAP SuccessFactors HXM Core
Reproducing the Issue
Step 1 - Initiator will requests for time off/leave
Step 2:- Approval will reach to initiator's manager
Step 3:- Post approval by manager, workflow approval notification goes to the initiator to his/her business email address along with the link. When initiator click the link to view the information, it shows the error message.
Cause
There is something wrong in SSO URL configuration according to the blog.
The process customer triggered is SP-initiated SSO instead of IdP-initiated SSO. So user needs to ask their IT to change the URL from their IDP side.
Resolution
User needs to change the URL as "https://xxxx.accounts.ondemand.com/saml2/idp/acs/xxxx.accounts.ondemand.com" from their side instead of " https://xxxx.accounts.ondemand.com/saml2/idp/acs/xxxx.accounts.ondemand.com?sp=<sp_name>&index=<index_number>".
Please refer to "Step2: Create SAML Integration in OKTA > Single sign on URL > 3.Copy ‘Assertion Consumer Service Endpoint’ (ACS endpoint) URL " in the blog for details.
See Also
Keywords
SSO, SAML, link, SP-initiated SSO, IdP-initiated SSO , KBA , LOD-SF-PLT-SAM , SAML SSO First Time Setup , Problem
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)