Scenario
Whenever you need to access SuccessFactors data through the SAP SuccessFactors App on Microsoft Teams message extensions. For example, the popup form that displays Request/Give Feedback, you may be asked to login in SuccessFactors again.
Problem statement
We want to achieve single sign on capability between set of Teams users managed by Azure AD, and set of SF users managed by IAS (Identity Authentication Service).
Possible solution
The recommended approach to achieve SSO in such dual IDP scenario is to enable proxy between the two IDPs. More documentation here: https://help.sap.com/docs/identity-authentication/identity-authentication/corporate-identity-provide...
https://help.sap.com/docs/identity-authentication/identity-authentication/integrating-service-with-m...
Customer Impact
Depends on what IDP you have to log in to SuccessFactors today...
- If you do not have IAS enabled as your IDP, then you will be prompted to re-log in on the Teams side.
- If you already have Azure AD as your SF IDP, then single sign on will work for you.
- If you already have IAS as your SF IDP, you must implement the below to achieve SSO.
- configure IAS as proxy mode to Azure AD and use Azure AD as the real SF IDP, see above documentation.
Ask to customers
- What scenario of the above applies to you today?
- If scenario #3 applies to you, what would be the effort to implement? You may need to undergo an IT strategy change so please do reach out to your technical contacts for this.
