SAP Knowledge Base Article - Public

3602775 - Redirect URL is overwritten automatically in SuccessFactors instances connected to one IAS tenant

Symptom

When configuring SAML 2.0 Single Sign-On (SSO), setting the redirect URL for one SuccessFactors instance will overwrite the URL for the other, since both instances are integrated with the same Identity Authentication Service (IAS) tenant.

Example:

  • Setting the redirect URL for both the T1 and T2 environments results in the URL being overwritten between the two.
  • The URL is overwritten between T1 and T2: whichever instance is updated later has its redirect URL applied to both instances.

Environment

SAP SuccessFactors HCM Suite

Cause

This behavior is expected, as both SuccessFactors tenants are connected to the same Identity Authentication Service (IAS) tenant in the backend. Consequently, any change made in the Manage SAML SSO settings is applied to both tenants, so both environments end up with a common set of SSO parameters.

Resolution

  • When Identity Authentication Service (IAS) is used as a proxy Identity Provider (IdP), the redirect URL configured within IAS operates at the corporate IdP level. This means that each corporate IdP identifier is associated with a single, unique redirect URL configuration—there is a strict one-to-one relationship between a corporate IdP and its redirect URL.
  • This design is intentional and defined by IAS architecture. As such, it is not possible to assign multiple redirect URLs to a single corporate IdP ID.
  • To enable different environments (e.g., test, production) to have their own redirect URLs, each instance should be configured with a separate corporate IdP.
  • Sharing the same corporate IdP across multiple instances will prevent independent redirect URL configurations. 

Keywords

Manage SAML SSO, Redirect URL, IAS, SuccessFactors, Platform, LOD-SF-PLT, Identity Authentication Service, KBA, LOD-SF-PLT-SAM, SAML SSO First Time Setup, Problem

Product

SAP SuccessFactors HCM Core 2505