Configuring SuccessFactors




Chapter 117 Configuring SuccessFactors

The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML.

SuccessFactors offers both IdP-initiated SAML SSO (for SSO access through the user portal or Samsung mobile applications) and SP-initiated SAML SSO (for SSO access directly through the SuccessFactors web application). You can configure SuccessFactors for either or both types of SSO. Enabling both methods ensures that users can log in to SuccessFactors in different situations such as clicking through a notification email.

1. Prepare SuccessFactors for single sign-on (see "SuccessFactors requirements for SSO" on page 117-1007).
2. In the Samsung Admin Portal, add the application and configure application settings. Once the application settings are configured, complete the user account mapping and assign the application to one or more roles. For details, see "Configuring SuccessFactors in Admin Portal" on page 117-1008.
3. Configure the SuccessFactors application for single sign-on. To configure SuccessFactors for SSO, contact SuccessFactors and give them the downloaded SAML Meta data file available from the Admin Portal Application Settings page. For details, see "Contacting SuccessFactors to enable SSO" on page 117-1014.

After you are done configuring the application settings in the Admin Portal and the SuccessFactors application, users are ready to launch the application from the Samsung KNOX EMM user portal.

Preparing for SuccessFactors Configuration

SuccessFactors requirements for SSO

Before you configure the SuccessFactors web application for SSO, you need the following:

- An active SuccessFactors account with administrator rights for your organization.
- A signed certificate. You can either download one from Admin Portal or use your organization's trusted certificate.
- Contact information for SuccessFactors configuration consultant (to enable and test the SSO feature on your account).
- Identity Provider SAML Meta data downloaded from the Samsung Admin Portal.

Setting up the certificates for SSO

To establish a trusted connection between the web application and the cloud service, you need to have the same signing certificate in both the application and the application settings in Admin Portal.

If you use your own certificate, you upload the signing certificate and its private key in a .pfx or .p12 file to the application settings in Admin Portal. You also upload the public key certificate in a .cer or .pem file to the web application.

To download an application certificate from Admin Portal (overview):

1. In the Apps page, add the application.
2. Click the application to open the application details.
3. In the Application Settings tab, click Download Signing Certificate to download and save the certificate.

What you need to know about SuccessFactors

Each SAML application is different. The following table lists features and functionality specific to SuccessFactors.

- Web browser client
  Supported: Yes
- Mobile client
  Supported: Yes
  Support details: iOS and Android
- SAML 2.0
  Supported: Yes
- SP-initiated SSO
  Supported: Yes
  Support details: Users may go directly to a supplied SuccessFactors URL and then use the Samsung cloud service SSO to authenticate.
- IdP-initiated SSO
  Supported: Yes
  Support details: Users may use SSO to log in to SuccessFactors through the Samsung KNOX EMM user portal or through Samsung mobile apps.
- Force user login via SSO only
  Supported: Yes
  Support details: If SSO is enabled, logging in to SuccessFactors using a user name and password is not available.
- Separate administrator login after SSO is enabled
  Supported: No
  Support details: You need to consult with the SuccessFactors customer support team to set up your specific configuration.
- User or Administrator account lockout risk
  Supported: Yes
  Support details: There is a risk of being locked out of your account if users are forced to log in using SSO only. As an administrator of the system, if you are locked out and SSO is enabled, you must call SuccessFactors to disable SSO temporarily to bypass the lockout.
- Automatic user provisioning
  Supported: No
- Self-service password
  Supported: N/A
- Access restriction using a corporate IP range
  Supported: Yes
  Support details: The SuccessFactors Configuration Consultant can set up Performance Manager to restrict access to a company instance using an IP Address or IP Range. Additionally, you can specify an IP Range in the Admin Portal Policy page to restrict access to the application.

Configuring SuccessFactors in Admin Portal

To add and configure the SuccessFactors application in Admin Portal:

1. In Admin Portal, click Apps.
2. Click Add Web Apps. The Add Web Apps screen appears.
3. On the Search tab, enter the partial or full application name in the Search field and click the search icon.
4. Next to the application, click Add.
5. In the Add Web App screen, click Yes to confirm. Admin Portal adds the application.
6. Click Close to exit the Application Catalog.

The application that you just added opens to the Application Settings page.

7. Configure the following:

Consumer Service URL
  Required or optional: Required
  Set it to: https://performancemanager4.successfactors.com/saml2/SAMLAssertionConsumer?company=company-NAME
  What you do: If your fully qualified domain name (FQDN) is not the same as performancemanager4.successfactors.com, replace it with the FQDN for your instance.

Issuer
  Required or optional: Required
  Set it to: The cloud service automatically generates the content for this field.
  What you do: In most cases, you can leave this field as is. The only reason to change this URL is if you are using multiple SuccessFactors deployments. Each deployment requires a unique Issuer. The Issuer content is automatically included as part of the Identity Provider SAML Meta data that you give to your SuccessFactors Configuration Consultant (see "Contacting SuccessFactors to enable SSO" on page 117-1014). If you change the setting, you need to download the Identity Provider SAML Meta data again and give the file to the SuccessFactors Configuration Consultant.

Error URL
  Required or optional: Optional
  Set it to: The cloud service automatically generates the content for this field.
  What you do: The Logout URL is automatically included as part of the Identity Provider SAML Meta data that you give to the SuccessFactors Configuration Consultant (see "Contacting SuccessFactors to enable SSO" on page 117-1014). This custom page displays in the Samsung KNOX EMM user portal when users encounter an error in SuccessFactors. If you change the setting, you need to download the Identity Provider SAML Meta data again and give the file to the SuccessFactors Configuration Consultant.

Logout URL
  Required or optional: Optional
  Set it to: The cloud service automatically generates the content for this field.
  What you do: The Logout URL is automatically included as part of the Identity Provider SAML Meta data that you give to the SuccessFactors Configuration Consultant (see "Contacting SuccessFactors to enable SSO" on page 117-1014). Configuring Logout URL means that users are logged out of the Samsung KNOX EMM user portal when they log out of SuccessFactors.

Download Identity Provider SAML Meta data
  Required or optional: Required
  Set it to: The cloud service automatically generates the meta data content.
  What you do: Click the link to download the Meta data file. The SuccessFactors Configuration Consultant will need the file to enable SSO. See "Contacting SuccessFactors to enable SSO" on page 117-1014.

Download Signing Certificate
  Required or optional: Required
  Set it to: The cloud service automatically generates the meta data content.
  What you do: If necessary, click the link to download the default Signing Certificate. The certificate content is automatically included as part of the Identity Provider SAML Meta data. To use a certificate with a private key (pfx file) from your local storage, see Step 7 below. If you replace the certificate, download the Identity Provider SAML Meta data again and give the file to the SuccessFactors Configuration Consultant.

8. On the Application Settings page, expand the Additional Options section and specify the following settings:

Application ID
  Description: Configure this field if you are deploying a mobile application that uses the Samsung mobile SDK, for example mobile applications that are deployed into a Samsung KNOX version 1 container. The cloud service uses the Application ID to provide single sign-on to mobile applications. Note the following:
  - The Application ID has to be the same as the text string that is specified as the target in the code of the mobile application written using the mobile SDK. If you change the name of the web application that corresponds to the mobile application, you need to enter the original application name in the Application ID field.
  - There can only be one SAML application deployed with the name used by the mobile application.
  - The Application ID is case-sensitive and can be any combination of letters, numbers, spaces, and special characters up to 256 characters.

Show in User app list
  Description: Select Show in User app list to display this web application in the user portal. (This option is selected by default.) If this web application is added only to provide SAML for a corresponding mobile app, deselect this option so the web application won't display for users in the user portal.

Security Certificate
  Description: These settings specify the security certificate used for secure SSO authentication between the cloud service and the web application. Select an option to change the security certificate.
  - Use existing certificate displays beneath it the certificate currently in use. The Download button below the certificate name downloads the current certificate through your web browser to your computer so you can supply the certificate to the web application during SSO configuration. It's not necessary to select this option; it's present to display current status.
  - Use the default tenant signing certificate selects the cloud service standard certificate for use. This is the default setting.
  - Use a certificate with a private key (pfx file) from your local storage selects any certificate you want to supply, typically your organization's own certificate. To use this selection, you must click Browse to upload an archive file (.p12 or .pfx extension) that contains the certificate along with its private key. If the file has a password, you must enter it when prompted.

9. (Optional) On the Description page, you can change the name, description, and logo for the application. For some applications, the name cannot be modified.

The Category field specifies the default grouping for the application in the user portal. Users have the option to create a tag that overrides the default grouping in the user portal.

10. On the User Access page, select the role(s) that represent the users and groups that have access to the application. When assigning an application to a role, select either Automatic Install or Optional Install:
  - Select Automatic Install for applications that you want to appear automatically for users.
  - If you select Optional Install, the application doesn't automatically appear in the user portal and users have the option to add the application.

11. (Optional) On the Policy page, specify additional authentication control for this application. You can select one or both of the following settings:
  - Restrict app to clients within the Corporate IP Range: Select this option to prevent users outside the company intranet from launching this application. To use this option, you must also specify which IP addresses are considered as your intranet by specifying the Corporate IP range in Settings > Corporate IP Range.
  - Require Strong Authentication: Select this option to force users to authenticate using additional, stronger authentication mechanisms when launching an application. Specify these mechanisms in Policy > Add Policy Set > Account Security Policies > Authentication.

  You can also include JavaScript code to identify specific circumstances when you want to block an application or you want to require additional authentication methods. For details, see Specifying application access policies with JavaScript.

12. On the Account Mapping page, configure how the login information is mapped to the application's user accounts. The options are as follows:
  - Use the following Directory Service field to supply the user name: Use this option if the user accounts are based on user attributes. For example, specify an Active Directory field such as mail or userprincipalname or a similar field from the Samsung KNOX EMM user service.
  - Everybody shares a single user name: Use this option if you want to share access to an account but not share the user name and password. For example, some people share an application developer account.
  - Use Account Mapping Script: You can customize the user account mapping here by supplying a custom JavaScript script. For example, you could use the following line as a script:

    LoginUser.Username = LoginUser.Get('mail')+'.ad';

    The above script instructs the cloud service to set the login user name to the user's mail attribute value in Active Directory and add .ad to the end. So, if the user's mail attribute value is Adele.Darwin@acme.com then the cloud service uses Adele.Darwin@acme.com.ad. For more information about writing a script to map user accounts, see the SAML application scripting guide.

13. (Optional) On the Advanced page, you can edit the script that generates the SAML assertion, if needed. In most cases, you don't need to edit this script. For more information, see the SAML application scripting guide.

  Note: On the Changelog page, you can see recent changes that have been made to the application settings, by date, user, and the type of change that was made.

14. Click Workflow to set up a request and approval work flow for this application. The Workflow feature is a premium feature and is available only in the Samsung KNOX EMM User Suite App+ Edition. See Configuring Workflow for more information.

15. Click Save.

After configuring the application settings (including the role assignment) and the application's web site, you're ready for users to launch the application from the user portal.

Contacting SuccessFactors to enable SSO

To configure SuccessFactors for SSO:

1. If you haven't done so already, locate the Identity Provider SAML Meta data that you downloaded in Step 7 of Configuring SuccessFactors in Admin Portal.
2. Contact your SuccessFactors Configuration Consultant and provide the Identity Provider SAML Meta data you downloaded previously. Let the SuccessFactors Configuration Consultant know that the Samsung SAML Response has the assertion signed. Additionally, provide the following information (the configuration of these items is optional):
  - Enable SP-initiated SSO for the account: If SP-initiated SSO is enabled, users log in to SuccessFactors using SAML (logging in with a user name and password is not available). If SP-initiated SSO is disabled, users log in to SuccessFactors using a user name and password. Users can SSO to SuccessFactors using SAML from the Samsung KNOX EMM user portal.
  - Error URL: Provide an error URL if you want users to be redirected to a custom page when they encounter an error in SuccessFactors.
  - Logout URL: Provide a logout URL if you want users to be redirected to a specific URL upon logging out of SuccessFactors.
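The guide repeats that changing the Issuer or replacing the signing certificate requires downloading the Identity Provider SAML Meta data again before giving it to the consultant. The following added example (not part of the original guide or of the vendor's tooling) checks a saved metadata file against the values currently shown in Application Settings. It assumes the file is standard SAML 2.0 metadata; the URLs and certificate bytes are constructed placeholders, and certificates are compared by hashing their bytes only.

```javascript
const crypto = require('crypto');

// SHA-256 over the decoded bytes of a certificate given as PEM text or bare base64.
function certFingerprint(pemOrBase64) {
  const b64 = pemOrBase64
    .replace(/-----(BEGIN|END) CERTIFICATE-----/g, '')
    .replace(/\s+/g, '');
  return crypto.createHash('sha256').update(Buffer.from(b64, 'base64')).digest('hex');
}

// Extract Issuer (entityID), signing certificate(s) and Logout URL from IdP metadata.
// Regex extraction covers this fixed set of fields; it is not a general XML parser.
function parseIdpMetadata(xml) {
  const entity = /<(?:\w+:)?EntityDescriptor\b[^>]*\bentityID="([^"]+)"/.exec(xml);
  const slo = /<(?:\w+:)?SingleLogoutService\b[^>]*\bLocation="([^"]+)"/.exec(xml);
  const certRe = /<(?:\w+:)?X509Certificate>([\s\S]*?)<\/(?:\w+:)?X509Certificate>/g;
  return {
    issuer: entity ? entity[1] : null,
    logoutUrl: slo ? slo[1] : null,
    certFingerprints: [...xml.matchAll(certRe)].map(m => certFingerprint(m[1])),
  };
}

// Return a list of reasons the saved metadata no longer matches Application Settings.
function checkMetadata(xml, current) {
  const md = parseIdpMetadata(xml);
  const problems = [];
  if (md.issuer !== current.issuer) {
    problems.push('Issuer differs from Application Settings');
  }
  if (!md.certFingerprints.includes(certFingerprint(current.signingCertPem))) {
    problems.push('signing certificate differs from Application Settings');
  }
  if (current.logoutUrl && md.logoutUrl !== current.logoutUrl) {
    problems.push('Logout URL differs from Application Settings');
  }
  return problems;
}

// Constructed sample data: placeholder bytes stand in for real certificates.
const CERT_A = Buffer.from('constructed certificate bytes A').toString('base64');
const CERT_B = Buffer.from('constructed certificate bytes B').toString('base64');
const pem = b64 => `-----BEGIN CERTIFICATE-----\n${b64}\n-----END CERTIFICATE-----\n`;
const SAMPLE_METADATA = `<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/issuer-1">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>${CERT_A}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/logout"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>`;

// The certificate was replaced after the metadata was downloaded: the file is stale.
console.log(checkMetadata(SAMPLE_METADATA, {
  issuer: 'https://idp.example.test/issuer-1',
  signingCertPem: pem(CERT_B),
  logoutUrl: 'https://idp.example.test/logout',
}));
```

An empty result means the saved file still reflects the current Issuer, signing certificate and Logout URL; any entry means the metadata should be downloaded again before it is sent.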

For more information about SuccessFactors

For more information about configuring SuccessFactors for SSO, contact your SuccessFactors representative.
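Because password login is unavailable once SSO is forced, a user whose mapped name matches no SuccessFactors account is locked out, and two directory users mapped to one name share an account. The following added example (not from the original guide) runs the step 12 mapping script over a directory export before SSO is enabled. The LoginUser stand-in models only Get() and Username, the sample users and account names are constructed, and exact string matching of user names is an assumption.

```javascript
// Stand-in for the cloud service's LoginUser object (assumption: only the two
// members used by the page's script, Get() and Username, are modelled).
function makeLoginUser(attrs) {
  return { Username: null, Get: name => attrs[name] };
}

// The account mapping script from step 12, wrapped in a function so it can be run offline.
function mappingScript(LoginUser) {
  LoginUser.Username = LoginUser.Get('mail') + '.ad';
}

// Run the mapping for every directory user and report who would fail to log in.
function preflight(directoryUsers, sfUsernames) {
  const known = new Set(sfUsernames); // exact match is an assumption
  const owners = new Map();
  const report = { mapped: {}, missingAttribute: [], noAccount: [], collisions: {} };
  for (const user of directoryUsers) {
    const mail = user.attrs.mail;
    // Without this guard the one-line script would produce "undefined.ad".
    if (typeof mail !== 'string' || mail.trim() === '') {
      report.missingAttribute.push(user.id);
      continue;
    }
    const loginUser = makeLoginUser(user.attrs);
    mappingScript(loginUser);
    report.mapped[user.id] = loginUser.Username;
    if (!known.has(loginUser.Username)) report.noAccount.push(user.id);
    owners.set(loginUser.Username, (owners.get(loginUser.Username) || []).concat(user.id));
  }
  for (const [username, ids] of owners) {
    if (ids.length > 1) report.collisions[username] = ids;
  }
  return report;
}

// Constructed sample data.
const DIRECTORY = [
  { id: 'adele', attrs: { mail: 'Adele.Darwin@acme.com' } },
  { id: 'bob', attrs: {} },                           // no mail attribute
  { id: 'carol', attrs: { mail: 'carol@acme.com' } }, // no matching account
  { id: 'dev1', attrs: { mail: 'dev@acme.com' } },    // shares a mailbox with dev2
  { id: 'dev2', attrs: { mail: 'dev@acme.com' } },
];
const SF_ACCOUNTS = ['Adele.Darwin@acme.com.ad', 'dev@acme.com.ad'];

console.log(JSON.stringify(preflight(DIRECTORY, SF_ACCOUNTS), null, 2));
```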