2320766 | 您所在的位置:网站首页 › loginmethod › 2320766 |
Symptom
This article covers Data model changes required for implementing Partial Organization Single Sign On.Prerequisites are: Single Sign-On is already implemented. You must have provisioning access You are familiar with the Succession Data Model."Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental." EnvironmentSAP SuccessFactors HXM Suite Resolution Implementation Main steps:The main steps for Implementing Partial Organization Single Sign On are: Enabling the loginMethod standard element in the Succession Data Model, and making it visible in the User data File (Employee Export) Enabling the Partial Organization feature in Provisioning Configuring the loginMethod to PWD for users that will be logging using the username & password instead of SSO.Note: Steps 2 and 3 are interchangeable. As soon as Step 1 has been completed you will be able to setup the loginMethod even if Partial Organization SSO is not yet turned on. Step 1: Enabling the loginMethod standard element in the Succession Data Model, and making it visible in the User Data File (Employee Export) / Manage Users.We have created a new standard element with id of “loginMethod”. This new field is needed only when "Partial Organization SSO" is enabled. It is not needed for any SSO customers that do not enable this feature.This field will define whether a user comes in through SSO or not. The standard element will have three allowable valuesSSO: A value of “SSO” means the user must login through the SSO method configured for this customer.PWD: A value “PWD” means the user must login through the standard username/password login pages.Null (no value specified): No value specified means the user must login through SSO This "loginMethod" standard element must be enabled in the Succession Data Model. An example XML snippet appears below. If this field is not enabled in the Succession Data Model for the instance, then all users must login through SSO. This standard element will not be required at user import / user account creation time. If a value is not specified during user import, then the user will default to SSO login. Standard Element DeclarationAdd the following as a standard-element in the Succession Data Model Login Method Edits to the "sysAllUserDirectorySetting" Edit Template Add a reference to this standard element in the "sysAllUserDirectorySetting" Edit Template that appears in the "sysUserDirectorySetting" View Template. This is to make the field visible in the Employee Export and/or Manage Users.An example appears below: User Directory Setting User Directory Setting User Directory Setting(Entire Ordered List) User Directory Setting(Entire Ordered List .... ..... Step 2: Enabling the Partial Organization feature in ProvisioningEnable the "Partial Organization SSO" feature in the provisioning tool under Single Sign-On (SSO) Settings. Step 3: Configuring the loginMethod to PWD for users that will be logging using the username & password instead of SSOOnce the data model has been configured per the instructions above, you can set the loginMethod for the user by setting values in the "loginMethod" field. This field can be edited either through the Employee Import, or other means (like Admin Tools to edit user information). You could even enable the value for editing in the Employee Profiles if desired. Note: Introduced on 2H Release (item PLA-25355) - now you can update loginMethod via Manage Login Accounts page. If setting the PWD value on the employee data file, add a column titled in rows 1 and 2 "LOGIN_METHOD". You can also download the employee import template from Admin tools as the new column should also be displayed there.Or finally you can export the user data file and work with this file to set the values as required for all users in the LOGIN_METHOD columnIt is expected that most customers will set this value through the Employee Import file, most likely as an automated FTP process. See Also For more details on the system behaviour of Partial SSO, refer to KBA 2088837 - [SSO] Partial Organization Single Sign-On - BizX Platform KeywordsData model, Partial Single Sign On, configurations, provisioning, xml, login method, PWD, SSO, partner, consultant , KBA , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-SAM , SAML SSO First Time Setup , Problem Product SAP SuccessFactors HXM Suite all versions |
CopyRight 2018-2019 实验室设备网 版权所有 |