Configuring IAS for People Analytics when using your own 3rd Party IDP
With the introduction of People Analytics Stories, one of the biggest changes to our SuccessFactors Customer base has been the need for the implementation of Identity Authentication Store (IAS). This is a move which has presented some challenges for our customer base as quite a lot of them have their own corporate IDP enabled. However, it is possible to use both & necessary to use IAS while using People Analytics Stories.
Why is it necessary to use IAS for People Analytics Stories?
People Analytics leverages an embedded version of SAP Analytics Cloud (SAC) as the technology to power the visualisations, whilst data processing is done in the SuccessFactors HANA system. This solution is seamlessly embedded so that end users using the solution are not aware that the SAP Analytics Cloud technology is being leveraged. However, there are some backend configurations required in order to allow user authentication to happen seamlessly between the various SAP technologies.
Stories in People Analytics require the use of IAS for user authentication between SuccessFactors & SAP Analytics Cloud.
Through SuccessFactors we connect to many applications like SAC embedded into Report Centre (People Analytics Stories) . So with this SSO settings we can login to IAS tenant account once and then we can directly access all the applications which are configured in it like Career Site Builder and People Analytics.
How-to Enable IAS in SuccessFactors?
SAP Cloud Identity Authentication comprises two components:
- Identity Authentication Services (IAS) – used to authenticate/login users
- Identity Provisioning Services (IPS) – used to sync users from the source (ex. SAP SuccessFactors) to the target (ex. IAS & SAC) in order for users to be authenticated and logged in.
For full guide on enabling IAS / IPS for People Analytics, please see the Customer Community post from our colleagues in Platform:
Important Configuration Checks in IAS for People Analytics Stories:
Post the upgrade to People Analytics Stories, customers are often faced with the Blank / Loading Screen issue. This is a common issue for those customers that are using their own 3rd Party Corporate IDP (ex. Azure). However, it is possible to combine the use of both your own 3rd Party IDP and IAS so that we can use People Analytics Stories and not run into the common blank / loading screen issue. Below are some of the configuration checks you need to consider before attempting to use People Analytics Report Stories:
Corporate IDP Issue (Forward all requests to Corporate IDP):
- Problem : Using Corporate SSO customer is not able to load the SAC in Report Center but same is working for IAS based login.
- Reason : All requests are getting redirected to the Corporate IDP. Even when you are trying to access the SAC in Report Centre, the request is getting redirected to Corporate IDP. But IDP for SAC is IAS.
- Solution : Turn off the flag responsible for redirecting all the request to the Corporate IDP.
The Default Identity Provider is not the same for SAC and SuccessFactors applications:
- Log in IAS
- Go to Application & Resources
- Select the SuccessFactors company ID
- Scroll down and go to Conditional Authentication
- Default Authenticating Identity Provider
- Set your IDP as the Default Identity Provider
- Repeat the same steps for SAC application
For companies using third Party Identity Provider as SSO:
Check if the user is able to create story without issue when logging in directly through IAS and facing issue while logging in via SSO.
Login to IAS -> Identity Provider -> Corporate Identity Providers -> Select the third Party IDP customer is using (there can be multiple IDPs set up here so make sure that you are selecting the one customer is using, check with customer if not sure) -> Select Identity Federation (from right pane) -> Make sure that 1st option – Use Identity Authentication user store is ON .
Do not Make Changes to SAML 2.0 Configuration in SuccessFactors, IAS or SAC Tenant
Note: All the screenshots used in this blog are taken from Demo instance.
Other Useful Resources
People Analytics Product Support