- Click on Add another Service Provider ACS.
- In One Model navigate to the company settings page.
- Find the SAML 2 Integration section, click Add SAML2 Integration.
- Select the Automatically configure SAML2 from metadata URL Configuration Source option and populate the following fields:
Metadata URL: enter the SuccessFactors SAML metadata URL from step 1
Issuer: https://[data_center].successfactors.com/sf/idp/SAML2/company/[companyID], e.g. https://pmsalesdemo8.successfactors.com/sf/idp/SAML2/company/SFPART01000
Preferred Binding: select HTTP Post
Employee IDs: select Populate Employee ID with SAML NameID
Default Application Roles: select the role/s that you wish newly created users to have
Default Data Access Roles: select the role/s that you wish newly created users to have
Log In Automatically: leave as Let users choose between SSO or Username/Password login
The following screenshot shows an example of the filled out form.
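Before saving the form, it can help to confirm that the metadata document actually agrees with the values being entered. The following check is an added example, not One Model or SuccessFactors code. It assumes the metadata is a single SAML 2.0 EntityDescriptor whose entityID is the value entered as Issuer; the sample metadata, its endpoint path and its certificate are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Issuer format from the form fields above:
# https://[data_center].successfactors.com/sf/idp/SAML2/company/[companyID]
ISSUER_RE = re.compile(r"https://[A-Za-z0-9-]+\.successfactors\.com/sf/idp/SAML2/company/\w+")
EXAMPLE_ISSUER = "https://pmsalesdemo8.successfactors.com/sf/idp/SAML2/company/SFPART01000"

# Constructed sample metadata; the endpoint path and certificate are placeholders.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="{EXAMPLE_ISSUER}">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT-BASE64</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{HTTP_POST}"
        Location="https://pmsalesdemo8.successfactors.com/constructed/sso/path"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_text, expected_issuer):
    """Return a list of problems; an empty list means metadata and form values agree."""
    problems = []
    if not ISSUER_RE.fullmatch(expected_issuer):
        problems.append("Issuer does not follow the documented URL format")
    # For metadata fetched over the network, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    if root.get("entityID") != expected_issuer:
        problems.append(f"entityID {root.get('entityID')!r} differs from Issuer")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor element"]
    endpoints = idp.findall("md:SingleSignOnService", NS)
    if not any(e.get("Binding") == HTTP_POST for e in endpoints):
        problems.append("no SingleSignOnService with HTTP-POST binding")
    if any(not e.get("Location", "").startswith("https://") for e in endpoints):
        problems.append("SingleSignOnService Location is not https")
    # A KeyDescriptor without a 'use' attribute serves for signing as well.
    signing = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    if not any(k.findtext(".//ds:X509Certificate", "", NS).strip() for k in signing):
        problems.append("no signing certificate published")
    return problems


if __name__ == "__main__":
    for line in check_idp_metadata(SAMPLE_METADATA, EXAMPLE_ISSUER) or ["metadata OK"]:
        print(line)
```

A mismatch between entityID and Issuer, or a missing HTTP-POST endpoint, is worth resolving before testing the login flow, since either one typically surfaces only as a failed sign-on.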
- Go to the One Model login page (log out if you are currently logged in).
- On the login page, you should now have a Single Sign On button.
- Click the Single Sign On button.
- If you were not logged into SuccessFactors already your browser will be redirected to the SuccessFactors login screen.
- Log into SuccessFactors.
- You should be redirected back to One Model.
If you receive a message that your account is not configured for Single Sign On, then you will need to edit your One Model account to allow Single Sign On. To do so, log in using your username and password and edit your user account (go to Admin > Users then click Edit next to your account), check the Can Single Sign On checkbox and click Save.
- You will need to enter and confirm your first and last name.
- Once confirmed, you should be logged in to One Model. Your access will depend on the default roles that you selected when configuring SAML2 in One Model.
- Default roles are applied to users when they are created via SSO. Changing the default roles won’t update the roles for users that have already been created.
- Users created via SSO won’t be able to log in to One Model with a username and password, unless specifically configured to allow it.
You can enable username/password login when editing users in One Model.
- Users created via the One Model web app won’t be able to log in via SSO unless specifically configured to allow it.
You can enable SSO login when editing users in One Model.