IAS for ONB2.0 New Hires – 2
If your instance is already upgraded to version 2 of IAS, then proceed with ONB integration configuration as per this article.
If not then refer to the article IAS for ONB2.0 New Hires – 1 to upgrade your IPS from version 1(ODATA) to version 2(SCIM).
- Create new sequence in Manage Data > Sequence > Create New.
This sequence is to decide the username series for New Hires.
- Create a business rule to generate ONB Username using the sequence object created above.
- Assign this rule in Manage Data > ONB2Config.
- Create a X509 certificate by giving it a name, description, CA=SAP Cloud Root CA and Valid Until.
Download this certificate into your local system.
- Login to your IAS system, navigate to administrator user section and Create a new system user in IAS administrator with the above created X509 certificate and grant it real time provisioning access.
This is required to sync the onboardees in real time instead of waiting for the IPS sync job schedule.
- Register the certificate created above in Integration Service Registration Center of SuccessFactors.
The destination URL should be in the format below and the system ID can be copied from
You get the <source-system-id> in the URL displayed (highlighted below) in browser when you click on the source system in IPS.
- Next, activate the real time sync for Onboardee – SuccessFactors > Manage Identity Provisioning Real Time Sync
- Finally activate IAS for Onboardee
SuccessFactors > Monitoring tool for Identity Authentication Service > Apply to both Employee and Onboardee.
Make sure you do one final check as suggested by SAP in the ‘Help Guide’ in above screen before you approve.
In the next article IAS for ONB2.0 New Hires – 3 I have mentioned few code snippets of transformation which are used to incorporate the Onboardee login behavior in IAS. Hope it helps your requirements.
- In case there is critical need to revert and make the system use the old BizX setup, you can disable the below check box in provisioning>Company settings. This helped us during one such situation!!
I think this gets enabled automatically when we click on ‘Apply to both Employee and Onboardee’ in one of the above steps.
- In order to route the regular employees to SSO and Onboardees to login page, make use of conditional authentication in the IAS portal.