cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SuccessFactors login error due IAS/IPS changes

Go to solution
Soma5
Explorer

on ‎05-05-2023 2:36 PM

0 Kudos

Hello,

Currently our IPS configured as the following: We have SuccessFactors as the Source system and IAS as the Target system we login through SSO. In the IAS Target system I have changed in the Properties tab the username and password, which before I have set in the IAS 'Users and Authoriaztion' > 'Administrators' tab where I have added a System and in the 'Secrets' tab I configured a Client ID which is the Username and a Password which I have got after added a secret. After this I have added these credentials to the IPS (IAS) Target System User and Password field. Then I ran a read job and it deleted two user groups which was already defined in IAS, now no user can access to Succesfactor we got the following error message: 'You are currently not authorized to access it'. My question is that how can I fix this problem? Also I would like to understand why is the group deletion has happend? Any help will be much appreciated.

Regards,
Soma

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

istvanbokor
Advisor
Advisor
‎05-05-2023 6:42 PM
0 Kudos

Szia Soma,

Did you set all the permissions for the newly created system user, like Manage Groups?

If you don't find any reason, I believe the best if you create an incident under the BC-IAM-IPS component, sharing the screenshot of the system user permissions from the IAS admin console, the source and target system export from IPS along with the job log.

We advise you to consider migration of your Identity Provisioning tenants to SAP Cloud Identity Infrastructure.

Migrating bundle tenants to the infrastructure of SAP Cloud Identity Services improves the integration between the group of services that provide cloud identity capabilities: Identity Authentication, Identity Provisioning, and Identity Directory.

It allows you to take advantage of all Identity Provisioning new features, which from now on are released only for tenants on SAP Cloud Identity infrastructure.

For more information, check Migrate Identity Provisioning Tenant topic in the documentation:

https://help.sap.com/docs/IDENTITY_PROVISIONING/f48e822d6d484fa5ade7dda78b64d9f5/055f92d5e11d491c97b...

Why do I recommend this? You can simulate a provisioning job before you actually run it so that you can avoid similar unwanted deleted without running the actual job: https://help.sap.com/docs/identity-provisioning/identity-provisioning/simulate-provisioning-jobs?loc... the issue, I assume a new job with correct system user permissions and sf.user.filter would recreate the group, so that users could login again.Best regards,
István
Show replies
Show replies

Answers (0)

Ask a Question