After completing this lesson, you will be able to:
As an administrator, it is likely that resetting passwords will be part of your role. There are three types of password resets available in SAP SuccessFactors.
The following interaction walks you through the different between those three:
Resetting user accounts is only applicable if your company allows users a specific number of unsuccessful login attempts before locking their account. The system automatically locks the user account when the user exceeds the number of allowable unsuccessful login attempts.
This means that once the account is locked, the user will not be able to log in again until an administrator resets the account. When you reset an account, you're only reactivating the account so that the user can login again; no other changes are made.
As an administrator, you can easily and quickly reset locked user accounts.
From the Admin Center, select Reset User Account.
You will be directed to a page in which you can filter employees by division, department, group, or location, or simply enter their name or job code. Enter search criteria and select Search Users.
The system generates a list of users that match your criteria. A locked out user is displayed on the list with a red X in the Status column.
Choose the users that you would like to reset by selecting the checkbox next to their name.
Select Reset Selected Users to reset and unlock their user accounts.
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property, a user logs in once and gains access to all systems without being prompted to log into each of them. SuccessFactors offers a number of SSO options to allow users to access the application without entering their SuccessFactors username and password.
When customers enable SSO, we can no longer log into their instance. The steps below will allow you to use Secondary Login/Secure Access to log into the instance. This is the recommended method to access these instances. You do not need to enable Partial Organization SSO or ask the customer for a login through their SSO portal.
Go into Provisioning for the company ID you need to access.
Go to Company Settings.
Check on the box for Enable Secondary Login Feature and choose Save.
Login as an Admin or guide a customer Admin through the following steps to enable Manage Support Access:
Access the role you want to add the Manage Support Access permission to.
Go to Manage Employees.
Set User Permissions.
Manage Permission Roles and select the role.
Select Permission Settings.
Select Admin Permissions.
Select Manage User.
Select Manage Support Access.
When the customer uses single sign-on (SSO), Professional Services consultants or support representatives will need to enable login access for their users from Admin Center before SSO is enabled.
From the Action Search, go to Manage Support Access: Find the user. Check the box for user, define when the access expires and select Grant a Support Administrator access to the account.
If enabled, a Support Administrator may have unrestricted login access to a user account until the access expires or until the customer disables the support access. The customer can follow the same process but select Disable Support Access to deny us access to the user.
Once the user has been granted Support Administrator access, they can go to Provisioning, select their customer's instance, and under the section Customer Instance Access, they can choose Log in to customer instance.
On the Secondary Logon page, they type their username and select Login.
You can grant or remove support access using the Manage Support Access admin tool. In this tool, there is also an option to filter user accounts that have support access called: Show Users with Valid Support Access. With this option you can quickly filter all user accounts that have support access.
For further information check: Managing Instance Access Guide
Several platform options and features can be enabled or disabled from Platform Feature Settings. To have access to this area of the tool, users need to have the permission Platform Feature Settings in RBP under the Manage System Properties category.
On Platform feature setting you can change the tenant preferred time zone when the tenant provisioned time zone doesn't match your preferred time zone. The changes to Tenant Preferred Time Zone is allowed only once and can’t be reverted after you set it.
For further information check: Tenant Preferred Time Zone.
|Enable Secondary Login Feature
|If this feature is enabled, partners can access the instance directly from the provisioning, if also enabled with the tool "Manage Support Access".
|Enable Upgrade Center Permission
|If this feature is enabled, users can use the tool "Upgrade Center" if the according permissions are enabled.
|Hide Username in the UI
|If this feature is enabled, username won’t be displayed in the Global Header and the employee quickcard. You cannot run a username search or see the username in the search results in the areas that have adopted People Search, which include the Global Header, Org Chart, People Profile, Change Audit, and others.
|Security Scan of User Inputs
If this feature is enabled, user input that contains the following content will be validated and harmful content will be filtered, and relevant API requests will fail.
|An instance is the front end, or customer-facing view, of SAP SuccessFactors systems.
|Provisioning is the key configuration tool that SAP SuccessFactors uses to control many aspects of a customer instance. In essence, Provisioning is the back end of the system. Customers do not have access to Provisioning.
|Admin Center is the central access point to a wide range of administrative features and tools that can be used to configure and maintain the SuccessFactors application. Admin Center can be used to monitor overall system health, manage cross-suite and third-party integrations. Unlike Provisioning, customers do have access to Admin Center.
|Role-based Permission (RBP)
|Role-based Permissions (RBP) are used to manage users’ permissions in SAP SuccessFactors. The two main components of RBP are permission roles and permission groups. Roles contain the various permissions necessary to perform tasks in an instance. Groups, which can be static or dynamic, contain the actual users who are granted access to roles via group membership.
|The proxy function allows one employee to act on behalf of another.
|The Home Page is the default starting page of the SAP SuccessFactors HXM Suite. For employees, the Home Page is the main entry point to the SAP SuccessFactors application and is generally the first page they see after logging into the system. It shows pending tasks, highlights recent activities, and helps users access common functions or areas of an instance quickly.
|The Org Chart provides an interactive view of the organizational hierarchy and reporting relationships, including matrix managers, for your users.
|A picklist is a configurable set of options from which a user can select, typically in a dropdown menu or smart search list.
|Metadata Framework (MDF)
|The Meta Data Framework (MDF) is a platform functionality that allows consultants and customers to extend existing SuccessFactors HXM suite capabilities. The main building blocks of these extensions are called Generic Objects (GO).
|User Data File (UDF)
|The UDF is a comma-separated value (.csv) file and is used to add or change data for one or more employees’ records at a time. It is created manually or as an automated output from your Human Resources Information System (HRIS).
|These templates contain the layout, sections and fields for each form. They are used to create individual forms for the target population.
|In some areas of Admin Center, forms are referred to as documents. They are created from form templates and are used to record information, including employee performance evaluations during review cycles.
|This is a code assigned to each employee that is often mapped to a job role. Competencies are also mapped to job roles so a user’s job code can be used to determine the correct competencies to add to a user’s performance form automatically.
|Line of Sight
|This describes the reporting visibility of an individual within SAP SuccessFactors. For example, managers can view direct reports and those below.
|This determines the values, and meanings attached to those values, that will be used during performance evaluations and other areas where ratings are required.
Role names are used in multiple modules and control various permissions:
Data supplied in an employee import file determines EM and/or EH roles. Customers can also set their own roles using Role-Based Permissions (RBP).
Route maps establish the workflow and steps that employees follow during a business process.
Route maps specify the order in which a form moves from one employee to another and what employees can do during each step.
Your customer wants to start with Role Based Permissions (RBP) and needs access to the tools so they can manage Role-Based Permission access.
Log in to track your progress & complete quizzes