SAP SuccessFactors - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for SAP Success Factors using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with SAP Success Factors, ensure you meet the following requirements:
- SAP Identity Authentication Service (You may need to contact SAP for access)
- SAP Identity Authentication Service admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in SAP Success Factors are registered in your IdP and have the necessary permissions to access SAP Success Factors.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
- SAP Identity Authentication Service (You may need to contact SAP for access)
- SAP Identity Authentication Service admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in SAP Success Factors are registered in your IdP and have the necessary permissions to access SAP Success Factors.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
SAP SuccessFactors - SSO Configuration
Step 1 - Obtain Tenant XML Metadata from Multi-Pass (IdP)
- Open Multi-Pass Dashboard
- Select the correct tenant and go to Integrations, click on Applications
- Select SAML in the custom integration section
- Select Download under Tenant XML data and save the file locally
Step 2 - Configure SAP SuccessFactors as the Service Provider (SP)
- Log into SAP Identity Authentication Service as an Administrator
- Navigate to Identity Providers
- Navigate to Corporate Identity Providers
- Select Add
- Enter Multi-Pass as the Name
- Upload the Tenant XML Metadata from Step 1 and confirm Issuer, Single Logout Endpoint, and Certificate are populated
- Select SAML 2.0 Compliant as the Identity Provider Type
- Select Save
- Browse to
https://<your-ias-tenant>.accounts.ondemand.com/saml/metadataand save the webpage as an XML file
Step 3 - Configure Multi-Pass as the Identity Provider (IdP)
- Open Multi-Pass Dashboard
- Select the correct tenant and go to Integrations, click on Applications
- Select SAML in the custom integration section
- Select Upload File and upload your SAP IAS Metadata obtained in Step 2
- Confirm/Complete the remaining fields based on the table below:
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | https://<your-ias-tenant>.accounts.ondemand.com |
| Name | sapsuccessfactors |
| Description | SAP SuccessFactors SSO integration |
| Assertion Consumer Service URL | https://<your-ias-tenant>.accounts.ondemand.com/saml/SSO |
| NameID Policy Format | Email |
General settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID | https://<your-ias-tenant>.accounts.ondemand.com |
| Name | sapsuccessfactors |
| Description | SAP SuccessFactors SSO integration |
| Always display in UI | ON |
Access settings (Multi-Pass)
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://<your-ias-tenant>.accounts.ondemand.com/saml/SSO |
| IDP-Initiated SSO URL Name | <APP_NAME> |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | email |
| Force Name ID Format | OFF |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Move to the tab Keys and ensure both parameters are set to OFF.
- Go to the Advanced tab and set the Assertion Consumer Service POST Binding URL to match the Valid Redirect URI:
https://<your-ias-tenant>.accounts.ondemand.com/saml/SSO
Related Articles
SAP Concur - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Miro - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Miro using MPAS. SSO simplifies user authentication by allowing access to multiple ...