{"id":99,"date":"2025-01-23T12:54:59","date_gmt":"2025-01-23T12:54:59","guid":{"rendered":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/?p=99"},"modified":"2025-08-15T08:39:34","modified_gmt":"2025-08-15T08:39:34","slug":"ias-integration-with-sap-success-factors-application","status":"publish","type":"post","link":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/2025\/01\/23\/ias-integration-with-sap-success-factors-application\/","title":{"rendered":"IAS integration with SAP Success Factors Application"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>Scenario<\/strong>:<br>\u2022 IAS integration with SAP Success Factors Application and delegate authentication to 2 corporate Identity Providers(one is Azure and another is some other corporate IDP) \u2013 segregation will be based on domain names of the user email address.<br>\u2022 Identifier is same for SAP Success Factors application and Corporate Identity provider-1<br>\u2022 Identifier is different for SAP Success Factors application and ADFS( Azure AD \u2013 Corporate Identity provider -2) \u2013 Mapping is required in IAS.<br>\u2022 Single URL for Corporate Users and External vendors. (password and single sign on users)<br>o For Corporate Users \u2013 It will act as proxy to delegate authentication to Corporate IDPs<br>o For External Vendors \u2013 It will act as identity provider.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br><strong>Before going in details in implementation, in this blog post we will go through the basic terminologies which will mostly used and why we need IAS in this scenario.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Identity Authentication Service(IAS)<\/strong><br>Identity Authentication is a cloud service for authentication, single sign-on, and user management in SAP cloud and on-premise applications. It can act as an identity provider itself, or be used as a proxy to integrate with an existing single sign-on infrastructure.<br>IAS provides a lot of flexibility and it is not possible to implement this scenario without IAS.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br><strong>Single Sign on(SSO)<\/strong><br>Authentication method that enables users to securely authenticate with multiple applications by using just one set of credentials. In our scenario we will authenticate in Corporate IDPs to login to SAP Success factors application.<br>There are 2 protocols available for SSO which are widely used in industry \u2013 IAS supports both the protocols:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br><strong>SAML 2.0 \u2013 <\/strong>Most commonly used to help enterprise users sing in to multiple applications using SSO.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br><strong>Open-ID connect <\/strong>\u2013 Widely used to enable user login on mobile apps. This protocol is build over OAuth (which is used for authorization) to support authentication scenarios.<br>We will use SAML2.0 for integration and establish SSO between SAP SuccessFactors, IAS, and Corporate IDPs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br><strong>How SAML2.0 works?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Establish Trust connection between Service Provider and Identity Provider (Exchange of metadata file)<br>User who wants to access Service must authenticate into IDP(Identity Provider)<br>If user manages to Successfully authenticate, IDP generates a SAML assertion<br>Assertion is sent to the application and since service provider Trust IDP, User is allowed access.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br><strong>Metadata file<\/strong><br>It contains details of<br>Entity ID \u2013 Unique identifier<br>Different URLs \u2013 When authentication is successful \u2013 how does identity provider knows where to redirect the request \u2013 Using different URLs configured in metadata file. It consists of ACS, SSO, SLO URLs.<br>Certificate details \u2013 so that application trust can be established.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br><strong>Unique Identifier<\/strong><br>It is required to perform mapping at the backend. It should be unique value which is supported by application and identity provider. From end user perspective \u2013 they need not to worry about it, Its something which is used at the backend. We can capture the details in SAML trace.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br>Restriction on SAP Success Factors application:<br>SAP SuccessFactors accepts two values to identify the user logging in using SAML2. The most common is NameID. It also support the UserName attribute. Whichever method is used, the value is compared with the UserName in the SAP SuccessFactors application.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><br>In case of different Unique identifiers on IDP and SF application, we need to perform mapping on IAS. In our scenario:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br>For SF application \u2013 unique identifier is username (It will always be username \u2013 restriction from SF)<br>For Corporate IDP ADFS- unique identifier is email address.<br>To perform mapping in IAS \u2013 User details are required in IAS. To sync users SAP provides IPS (Identity Provisioning services) \u2013 which automates the process.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br><strong>IPS (Identity Provisioning Services)<\/strong><br>Allows to automate and manage the transfer of user data from Source system(SF) to target system(IAS) using sync jobs which can be configured as per our requirement.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In this blog post we have learnt about the basic terminologies and basic concepts related to Single Sign on. In next blog post we will start discussion on Integration process of IAS with SAP Success Factors application.<br>In case you are wondering why we are using IAS with SAP Success Factors Application \u2013 please check this blog post:Why Identity authentication is required for SAP SuccessFactors Application<br>Courtesy:- Sushil Gupta<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Scenario:\u2022 IAS integration with SAP Success Factors Application and delegate authentication to 2 corporate Identity Providers(one is Azure and another is some other corporate IDP) \u2013 segregation will be based on domain names of the user email address.\u2022 Identifier is same for SAP Success Factors application and Corporate Identity provider-1\u2022 Identifier is different for SAP [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":101,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","om_disable_all_campaigns":false,"pagelayer_contact_templates":[],"_pagelayer_content":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-99","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-content\/uploads\/2025\/01\/MicrosoftTeams-image-25-Nov-30-2022-09-26-42-5554-AM-1.jpg?fit=767%2C549&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/posts\/99","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/comments?post=99"}],"version-history":[{"count":3,"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/posts\/99\/revisions"}],"predecessor-version":[{"id":104,"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/posts\/99\/revisions\/104"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/media\/101"}],"wp:attachment":[{"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/media?parent=99"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/categories?post=99"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vaaasglobalsolutions.co.uk\/Blog\/wp-json\/wp\/v2\/tags?post=99"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}