This article is for clients and explains how they can configure Single Sign-On (SSO) in SAP SuccessFactors.
Before you begin:
- Identity Provider (idP) of choice (JumpCloud, Okta, etc)
- Have SAP Cloud Identity Services access
- Have enabled SAML2.0 connector in Deel
View and download the Tenant SAML 2.0 Configuration
✅ Step 1 - Using an admin account, access SAP Cloud Identity Services via the admin link.
✅ Step 2 - Navigate to Applications & Resources and then Tenant Settings.
✅ Step 3 - Under Single Sign-On, select SAML 2.0 Configurations.
✅ Step 4 - On the SAML 2.0 Configurations page, Download Metadata file by clicking on its button.
Register new SSO application
✅ Step 1 - Create a new SSO application with the idP of your choice (JumpCloud, Okta, etc)
✅ Step 2 - Upload the Tenant SAML 2.0 Configuration metadata file that was exported in Step 1. (or configure it manually)
✅ Step 3 - Obtain the necessary metadata (eg. SAML metadata) from the idP. It typically includes SSO URL, Entity ID and idP certificate.
✅ Step 4 - Export the SAML metadata file from the idP
The image below shows an example of setting up an SSO app in JumpCloud (idP).
- Upload the SP metadata (the exported Tenant SAML 2.0 metadata)
- Export, or copy URL, the metadata of JumpCloud (the idP used in this example)
Register the idP in SAP Cloud Identity Services
✅ Step 1 - Using an admin account, access SAP Cloud Identity Services via the admin link.
✅ Step 2 - Navigate to Identity Providers and then to Corporate Identity Providers. There, create a new Identity Provider with Provider Type: SAML 2.0 Compliant
✅ Step 3 - In SAML 2.0 Configuration, upload or link the idP metadata file there to configure trust (or configure it manually).
✅ Step 4 - In Identity Federation, enable Use Identity Authentication user store.
Configure the Corporate idP with the SAP SuccessFactors application
✅ Step 1 - Navigate to the SAP SuccessFactors bundled application by accessing Applications & Resources and then Applications
✅ Step 2 - Select (or create) the bundled application that to configure SSO for.
✅ Step 3 - Under Conditional Authentication, enable Trust All Corporate Identity Providers
Getting the Deel Redirect URL
Go to the installed SAP SuccessFactors app. Browse to the SSO plugin and turn on the toggle button. A redirect URL will be visible, copy it and use it to configure SSO in SAP.