Requirements

Setup SuccessFactors as an Identity Provider

  • Click on Add another Service Provider ACS.
  • Click Save.

Configure One Model for Single Sign On

  • Log into One Model.
  • In One Model navigate to the company settings page.
  • Find the SAML 2 Integration section, click Add SAML2 Integration.
  • Select the Automatically configure SAML2 from metadata URL Configuration Source option and populate the following fields:

    Metadata URL: enter the SuccessFactors SAML metadata URL from step 1
    Issuer: https://[data_center].successfactors.com/sf/idp/SAML2/company/[companyID] e.g. https://pmsalesdemo8.successfactors.com/sf/idp/SAML2/company/SFPART01000Preferred Binding: select HTTP Post
    Employee IDs: select Populate Employee ID with SAML NameID
    Default Application Roles: select the role/s that you wish newly created users to have
    Default Data Access Roles: select the role/s that you wish newly created users to have
    Log In Automatically: leave as Let users choose between SSO or Username/Password login

    The following screenshot shows an example of the filled out form.
  • Click Save.

Test Single Sign On

  • Go to the One Model login page (log out if you are currently logged in).
  • On the login page, you should now have a Single Sign On button.
  • Click the Single Sign On button.
  • If you were not logged into SuccessFactors already your browser will be redirected to the SuccessFactors login screen.
  • Log into SuccessFactors.
  • You should be redirected back to One Model.

    If you receive a message that your account is not configured for Single Sign On, then you will need to edit your One Model account to allow Single Sign On. To do so, login using your username and password and edit your user account (go to Admin > Users  then click Edit next to your account), check the Can Single Sign On checkbox and click Save.
  • You will need to enter and confirm your first and last name.
  • Once confirmed, you should be logged in to One Model. Your access will depend on the default roles that you selected when configuring SAML2 in One Model.

Important Considerations

  • Default roles are applied to users when they are created via SSO. Changing the default roles won’t update the roles for users that have already been created.
  • Users created via SSO won’t be able to log in to One Model with a username and password, unless specifically configured to allow it.

    You can enable username/password login when editing users in One Model.
  • Users created via the One Model web app won’t able to log in via SSO unless specifically configured to allow it.

    You can enable SSO login when editing users in One Model.

Did this answer your question?