MyTechReference - Technical Notes

by IDAMGroup

NetIQ Access Manager SSO with SuccessFactors


This post shows how to integrate the SuccessFactors application with Novell Access Manager using the SAML 2.0 federation protocol. Novell Access Manager is configured as the Identity Provider and SuccessFactors as the Service Provider.

The SuccessFactors integration uses IdP-initiated web SSO: the user accesses the IdP-initiated URL and is prompted for authentication. Once authentication succeeds, the user is redirected to the SuccessFactors home/target page.

  • NAM Version: 3.2 IR1
  • OS: SLES 1 SP2 64-bit

IdP Initiated SSO Flow


  1. The user accesses the IdP-initiated URL.
  2. The Identity Provider prompts for authentication.
  3. The user enters credentials.
  4. On successful authentication, the Identity Provider sends a SAML Response with an Assertion containing the user's email address to the Service Provider (SuccessFactors).
  5. Concur validates the SAML Assertion against its user store.
  6. Once validation is successful, the user is redirected to the Concur home page.

What to get from the Service Provider

  • SuccessFactors Metadata URL
  • Trusted root Certificate
  • SuccessFactors landing/target page

What to give

  • NAM Metadata (
  • NAM trusted root (Export the trusted root of )

Below are the steps required to configure SAML 2.0 federation with the Concur application.

  1. Configure the Shared Attribute
  2. Create SAML2.0 Service Provider
    • Select the Attributes to send along with authentication
    • Select Authentication response
    • Configure the Intersite Transfer URL

Shared Attribute

  • Create an attribute set that will be shared with the Service Provider

Identity Servers–>Shared Settings

Name: Successfactors


  • Click New and create the “employeeNumber” attribute, which will be shared with the Concur application

  • Click OK and update the Identity Server

Create Service Provider

  • Identity Servers–> Edit–>SAML2.0–>Trusted Providers–>Service Provider


Select Source as Metadata URL and provide the below details



Note: This is just an example URL


  • Import the server signing certificate, click Next, and finish the configuration
  • Now select the newly created Service Provider (SuccessFactors)
  • Click the Attribute tab and select the Attribute set “Successfactors” and move the employeeNumber attribute to “Send with authentication”



  • Click the Authentication Response tab, select “POST” as the Binding, then select Unspecified and make it the default value.


  • Click the Intersite Transfer Service tab and provide the following details

ID: SuccessFactors

  • Click OK and update the Identity Servers


Now access the IDP Initiated URL as

NetIQ Access Manager prompts you for the password and, once authentication is successful, redirects to the Intersite Transfer Service URL.

It supports SP-initiated SSO as well.
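
To confirm that the Service Provider settings above (POST binding, Unspecified name identifier, employeeNumber sent with authentication) actually appear in what the Identity Server sends, the SAMLResponse form field captured from a test login can be decoded and inspected. The Python script below is an added example, not part of the original post or of NetIQ's tooling; the audience URL and the sample response are constructed placeholders, and the signature check only tests for presence, not cryptographic validity.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
SAMPLE_AUDIENCE = "https://sp.example.invalid/saml"  # constructed placeholder entity ID

def check_saml_response(b64_response, audience, attr="employeeNumber"):
    """Return a list of problems in a base64 SAMLResponse taken from the POST form."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion found (missing or encrypted)"]
    problems = []
    # Presence only: this does not verify the signature cryptographically.
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion is signed")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != UNSPECIFIED:
        problems.append("NameID format is not 'unspecified'")
    values = [v.text
              for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == attr
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not any(values):
        problems.append(f"attribute {attr!r} missing or empty")
    audiences = [a.text for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        problems.append(f"audience {audience!r} not in {audiences}")
    return problems

def build_sample(attr="employeeNumber", fmt=UNSPECIFIED, aud=SAMPLE_AUDIENCE):
    """Constructed sample response; the Signature element is an empty placeholder."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <saml:Assertion>
    <ds:Signature/>
    <saml:Subject><saml:NameID Format="{fmt}">10042</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="{attr}"><saml:AttributeValue>10042</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(build_sample(), SAMPLE_AUDIENCE))
    print(check_saml_response(build_sample(attr="mail"), SAMPLE_AUDIENCE))
```

Run it only against responses captured from your own test login, and treat an empty list as "configuration looks as intended", not as proof that the Service Provider validates the signature.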


Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.