Author: j tamrakar

Configure SAP SuccessFactors solution Single Sign-On with SAP Cloud Platform Identity Authentication & MS Azure OpenID Connect

Introduction:

SAP Cloud Platform Identity Authentication can use an OpenID Connect identity provider as an external authenticating authority. SAP Cloud Platform Identity Authentication acts as a proxy to delegate authentication to the external corporate identity provider. The requests for authentication sent by the relying party will be forwarded to the corporate identity provider.

Note: Currently only Microsoft Azure Active Directory (Azure AD) is supported as an OpenID Connect corporate identity provider.

To use SAP Cloud Platform Identity Authentication as a proxy to delegate authentication to an external OpenID Connect corporate identity provider, it is required to configure trust with that corporate identity provider.

 

Scenario:

Authentication Scenario

 

Prerequisites:

1) SAP Cloud Platform Identity Authentication is enabled for the SAP SuccessFactors solution. See the SAP blog on enabling SAP Cloud Platform Identity Authentication through the Upgrade Center:

https://blogs.sap.com/2020/09/25/integrate-sap-successfactors-solutions-with-sap-cloud-platform-identity-authentication-through-the-upgrade-center/

2) Get the following information from the customer:

    1. Client ID
    2. Tenant ID
    3. Secret
    4. Tenant Issuer

3) You can retrieve the information by calling the discovery endpoint of the corporate identity provider:

https://login.microsoftonline.com/TENANTURL/.well-known/openid-configuration

Open the above URL in a browser and read the Issuer (the `issuer` field) from the returned JSON document.

4) Configure the callback endpoint of the SAP Cloud Platform Identity Authentication tenant as Redirect URI

https://<IAS tenant_id>.accounts.ondemand.com/oauth2/callback
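A check for prerequisites 3 and 4, as an added example that is not part of the original blog: it reads the issuer from a discovery document, verifies that it belongs to the tenant the customer named, and builds the Redirect URI. The function names, the all-zero tenant GUID, the `exampletenant` IAS tenant and the sample document are constructed for illustration; note that the issuer's host can differ from the discovery URL's host, which is why it is read from the document rather than guessed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a discovery response (placeholder tenant GUID,
# trimmed to the fields checked here). Not captured from a real tenant.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_DISCOVERY = json.dumps({
    "issuer": f"https://sts.windows.net/{TENANT_ID}/",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/token",
    "jwks_uri": "https://login.microsoftonline.com/common/discovery/keys",
})

REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def read_issuer(discovery_json, tenant_id):
    """Return the issuer exactly as published, after basic sanity checks."""
    doc = json.loads(discovery_json)
    missing = [k for k in REQUIRED if not doc.get(k)]
    if missing:
        raise ValueError(f"discovery document lacks: {', '.join(missing)}")
    for key in REQUIRED:
        parts = urlsplit(doc[key])
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"{key} is not an https URL: {doc[key]!r}")
    issuer = doc["issuer"]
    # The issuer must reference the tenant the customer named, not another directory.
    if tenant_id.lower() not in issuer.lower():
        raise ValueError(f"issuer {issuer!r} does not reference tenant {tenant_id}")
    # Copy verbatim, trailing slash included: the iss claim is compared as an exact string.
    return issuer

def ias_redirect_uri(ias_tenant_id):
    """Callback URL to register as Redirect URI (format from prerequisite 4)."""
    # Assumption: IAS tenant ids contain only letters, digits and hyphens;
    # rejecting anything else keeps '.' or '/' from altering the host.
    if not ias_tenant_id or not all(c.isalnum() or c == "-" for c in ias_tenant_id):
        raise ValueError("unexpected characters in IAS tenant id")
    return f"https://{ias_tenant_id}.accounts.ondemand.com/oauth2/callback"

if __name__ == "__main__":
    print("Issuer:", read_issuer(SAMPLE_DISCOVERY, TENANT_ID))
    print("Redirect URI:", ias_redirect_uri("exampletenant"))
```

The value returned by `read_issuer` is what goes into the Issuer field in Step 8.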

How-to configure OpenID Connect Corporate Identity Provider?

Step 1: Log in to SAP Cloud Platform Identity Authentication as an Administrator

Step 2: Navigate to Application and Resources -> select Tenant Settings -> select OpenID Connect Configuration from the right-side panel

Step 3: Provide OpenID connect details for MS Azure setup

Step 4: From the left-hand panel, select Identity Providers -> Corporate Identity Provider

Step 5: Create an Identity Provider and give it a name

Step 6: Select the newly created Identity Provider and, in the right-hand side panel, select Identity Provider Type

Step 7: Select OpenID Connect Compliant as the Identity Provider Type

Step 8: Select OpenID Connect Configuration option from right hand side panel and maintain Issuer, Client ID and Client Secret and validate it.

Once it is successfully validated, save it.

See Prerequisite 3 for the issuer.

 

Step 9: Navigate to Identity Providers -> Corporate Identity Providers -> select Subject Name Identifier and select the Email option.

Step 10: Navigate to Application and Resources -> Applications -> Select the correct SuccessFactors system from middle panel

And maintain Protocol as SAML 2.0 and Subject Name Identifier as Login Name

 

Step 11: Navigate to Application and Resources -> select the correct SuccessFactors system from the middle panel -> select Conditional Authentication from the right panel

 

Step 12: In Conditional Authentication maintain MS Azure as Default Identity Provider

 

Note: To authenticate some users, such as external users, from SAP Cloud Platform Identity Authentication, enable the option “Allow users stored in Identity Authentication service to logon” and use the URL for external users.

 

Step 13: Once the trust configuration with the corporate identity provider is done, whenever a user logs in to SuccessFactors, the user is redirected to MS Azure for authentication

 

Conclusion:

With this process, users are authenticated by Microsoft Azure when they log in to SAP SuccessFactors solutions.

Thanks for the read! I will be happy to address any further questions in the comments.

See you soon with a new blog!

 

      3 Comments
      Shambhavi Thakur

      Thank you Jayshri. Very informative and detailed.

      John Hormaechea

      Thank you Jayshri for the blog. Are there any plans to add other OpenID Connect corporate identity providers such as SAP IAS OpenID?

      Thanh Trung Doan

      Thank you Jayshri,

      How to turn on SSO for mobile app? via Azure AD?