Identity Authentication Service(IAS) Configuration approach with SAP SuccessFactors Application
In Future, all SAP Success Factors applications will be integrated with Identity authentication service(IAS). and you can leverage IAS functionalities and configure it as per your requirement.
Users are properly synced from SAP SuccessFactors(SF) Application to IAS. If you are wondering why user sync is required, kindly read the blog:
Depends on the requirement and the required end user experience (after the configuration)
You can follow 2 approaches:
- Use Corporate IDP as default Identity Provider in SAP SF application
- For only 1 Corporate Identity Provider(IDP) for SAP SF application.
- Seamless single sign on experience to users(Corporate Employees)
- After the configuration of IAS is completed with SAP SF application, when user access the SAP SF URL – it will directly take you to corporate IDP without stopping anywhere and in case you are already logged into Corporate IDP, you will logged into SAP SF application without stopping anywhere.
- For all Password Users – there will be another URL and all Password users will be authenticated in IAS.
Seamless Single Sign on experience
Maintain 2 different URLs for different Users(corporate employees and external vendors)
This approach is very similar to how it was earlier without IAS. There is one advantage though.
- Because we have synced the users from SAP SF application to IAS – you can enable mapping in IAS using option in corporate IDP( user IAS USER STORE) so that you can have different identifiers at Application and IDP
- Please read the blog mentioned in Pre-requisite in case you don’t what I am taking about.
- Use Rule based conditional authentication
- Have multiple Corporate Identity Providers as per different regions and planning to add more in future for SAP SF application
- Want 1 single URL for all type of users( SSO and Password Users) – Corporate employees and External Vendors.
- More Flexibility, can add more Corporate IDPs in future
- less management as there will be only 1 URL for all types of users
Not a drawback but default behavior:
- After Configuration is completed, when you access SAP SF URL – it will bring you to IAS Screen- where you enter your email address(or LoginName – Username in SAP SF) and it will now redirect you to Corporate IDP (in case of corporate employees) or you will authenticate in IAS (in case of external vendors)
- In case of corporate employees – for first time it will stop at IAS screen, however for next it will not stop on IAS screen( until you clear your browser cookies)
In this blog post, you have learnt about different approaches we can follow while doing integration of IAS with SAP SF application.
See you in next blog !