Getting started with administration
Objectives
After completing this lesson, you will be able to:
- Identify Administrator Tasks
- Troubleshoot User Login Issues
- Ensure that consultants and customers use the same SAP SuccessFactors common terms
Roles and responsibilities of a typical SAP SuccessFactors System Administrator
Reset passwords
As an administrator, it is likely that resetting passwords will be part of your role. There are three types of password resets available in SAP SuccessFactors.
The following interaction walks you through the different between those three:
Reset locked user accounts
Resetting user accounts is only applicable if your company allows users a specific number of unsuccessful login attempts before locking their account. The system automatically locks the user account when the user exceeds the number of allowable unsuccessful login attempts.
This means that once the account is locked, the user will not be able to log in again until an administrator resets the account. When you reset an account, you're only reactivating the account so that the user can login again; no other changes are made.
As an administrator, you can easily and quickly reset locked user accounts.
From the Admin Center, select Reset User Account.
You will be directed to a page in which you can filter employees by division, department, group, or location, or simply enter their name or job code. Enter search criteria and select Search Users.
The system generates a list of users that match your criteria. A locked out user is displayed on the list with a red X in the Status column.
Choose the users that you would like to reset by selecting the checkbox next to their name.
Select Reset Selected Users to reset and unlock their user accounts.
Single Sign-On (SSO)
What is Single Sign-On?
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property, a user logs in once and gains access to all systems without being prompted to log into each of them. SuccessFactors offers a number of SSO options to allow users to access the application without entering their SuccessFactors username and password.
Access an SSO Enabled Instance
When customers enable SSO, we can no longer log into their instance. The steps below will allow you to use Secondary Login/Secure Access to log into the instance. This is the recommended method to access these instances. You do not need to enable Partial Organization SSO or ask the customer for a login through their SSO portal.
Steps to Follow to Enable Secondary Login Access (Manage Support Access)
Go into Provisioning for the company ID you need to access.
Go to Company Settings.
Check on the box for Enable Secondary Login Feature and choose Save.
Login as an Admin or guide a customer Admin through the following steps to enable Manage Support Access:
NoteIf you make the changes yourself, you should still make sure the customer's Admin is aware of the process. They may want to disable this access in the future.Access the role you want to add the Manage Support Access permission to.
Go to Manage Employees.
Set User Permissions.
Manage Permission Roles and select the role.
NoteBest practice is to add this permission to the customer’s System Administrator role.Select Permission Settings.
Select Admin Permissions.
Select Manage User.
Select Manage Support Access.
Select Done.
Save changes.
Enable login access to a specified user
When the customer uses single sign-on (SSO), Professional Services consultants or support representatives will need to enable login access for their users from Admin Center before SSO is enabled.
From the Action Search, go to Manage Support Access: Find the user. Check the box for user, define when the access expires and select Grant a Support Administrator access to the account.
If enabled, a Support Administrator may have unrestricted login access to a user account until the access expires or until the customer disables the support access. The customer can follow the same process but select Disable Support Access to deny us access to the user.
Once the user has been granted Support Administrator access, they can go to Provisioning, select their customer's instance, and under the section Customer Instance Access, they can choose Log in to customer instance.
On the Secondary Logon page, they type their username and select Login.
NoteYou must have Provisioning Access for this to work.
Platform Feature Settings
Several platform options and features can be enabled or disabled from Platform Feature Settings. To have access to this area of the tool, users need to have the permission Platform Feature Settings in RBP under the Manage System Properties category.
From the Platform Feature Settings, we can also see the tenant preferred time zone.
Different time zones are used in the system to present date and time information based on business scenarios, including logged in user time zone, browser time zone, tenant preferred time zone, and UTC time zone. In places where server time zone was used, tenant preferred time zone is now used.
SAP SuccessFactors common terms
| Terms | Definitions |
|---|---|
| Instance | An instance is the front end, or customer-facing view, of SAP SuccessFactors systems. |
| Provisioning | Provisioning is the key configuration tool that SAP SuccessFactors uses to control many aspects of a customer instance. In essence, Provisioning is the back end of the system. Customers do not have access to Provisioning. |
| Admin Center | Admin Center is the central access point to a wide range of administrative features and tools that can be used to configure and maintain the SuccessFactors application. Admin Center can be used to monitor overall system health, manage cross-suite and third-party integrations. Unlike Provisioning, customers do have access to Admin Center. |
| Role-based Permission (RBP) | Role-based Permissions (RBP) are used to manage users’ permissions in SAP SuccessFactors. The two main components of RBP are permission roles and permission groups. Roles contain the various permissions necessary to perform tasks in an instance. Groups, which can be static or dynamic, contain the actual users who are granted access to roles via group membership. |
| Proxy | The proxy function allows one employee to act on behalf of another. |
| Home Page | The Home Page is the default starting page of the SAP SuccessFactors HXM Suite. For employees, the Home Page is the main entry point to the SAP SuccessFactors application and is generally the first page they see after logging into the system. It shows pending tasks, highlights recent activities, and helps users access common functions or areas of an instance quickly. |
| Org Chart | The Org Chart provides an interactive view of the organizational hierarchy and reporting relationships, including matrix managers, for your users. |
| Picklist | A picklist is a configurable set of options from which a user can select, typically in a dropdown menu or smart search list. |
| Metadata Framework (MDF) | The Meta Data Framework (MDF) is a platform functionality that allows consultants and customers to extend existing SuccessFactors HXM suite capabilities. The main building blocks of these extensions are called Generic Objects (GO). |
| User Data File (UDF) | The UDF is a comma-separated value (.csv) file and is used to add or change data for one or more employees’ records at a time. It is created manually or as an automated output from your Human Resources Information System (HRIS). |
| Form Templates | These templates contain the layout, sections and fields for each form. They are used to create individual forms for the target population. |
| Forms | In some areas of Admin Center, forms are referred to as documents. They are created from form templates and are used to record information, including employee performance evaluations during review cycles. |
| Job Code | This is a code assigned to each employee that is often mapped to a job role. Competencies are also mapped to job roles so a user’s job code can be used to determine the correct competencies to add to a user’s performance form automatically. |
| Line of Sight | This describes the reporting visibility of an individual within SAP SuccessFactors. For example, managers can view direct reports and those below. |
| Rating Scale | This determines the values, and meanings attached to those values, that will be used during performance evaluations and other areas where ratings are required. |
| Role Names | Role names are used in multiple modules and control various permissions:
Data supplied in an employee import file determines EM and/or EH roles. Customers can also set their own roles using Role-Based Permissions (RBP). |
| Route Maps | Route maps establish the workflow and steps that employees follow during a business process. Route maps specify the order in which a form moves from one employee to another and what employees can do during each step. |
