Federated Authentication



1 Introduction

In order to improve security while streamlining access to Field Service Management applications, SAP Field Service Management has integrated Federated Authorization using SAML 2.0 and Microsoft Active Directory. This provides users with Single Sign-on access to all Field Service Management applications while protecting sensitive account information.

Note: In addition to Microsoft Active Directory, SAP Field Service Management also supports any SAML-compliant Identity Provider for Federated Authentication.


2 Federated Authentication Overview

This section provides an overview of the components involved in Federated Authentication and how they relate to one another.


3 Configure the Cloud Account in the Admin portal

Please note the following:

  • SAML is configured by default for ALL accounts
  • SAML is configured by default for ALL users

The steps contained in this section are only required for accounts for which SAML is not automatically enabled.


3.1 Add New SAML Configuration

  1. In the Admin portal, open the account details, click on the SAML menu entry on the left, then click on Create.
  2. Fill the form as follows:
| Field | Description |
|---|---|
| Name | Input a name for the new SAML configuration. |
| Identity Provider Metadata URL | The URL of the Identity Provider’s metadata (example: https://corp.dev.coresuite.com/FederationMetadata/2007-06/FederationMetadata.xml). |
| Issuer | This is found in the metadata XML with xpath: /EntityDescriptor/@entityID |
| Login URL | This is located in the metadata XML with xpath: /EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"]/@Location |
| Identity Provider Signing Certificate | This is found in the metadata XML with xpath: /EntityDescriptor/IDPSSODescriptor/KeyDescriptor[@use="signing"]/KeyInfo/X509Data/X509Certificate/text() |



  3. Click Save.
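
The three XPath lookups from the table in step 2, as an added Python example (not SAP's code). It assumes the metadata has already been downloaded as a string, resolves the XML namespaces that the table's XPaths omit, and also returns a SHA-256 fingerprint of the certificate for comparison with the IdP administrator. `extract_saml_fields` is a hypothetical helper name; `idp.example.test` and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Real metadata is namespaced; the XPaths in the table above omit the prefixes.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: idp.example.test and the certificate bytes are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>ZW5jcnlwdGlvbi1jZXJ0</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>c2lnbmluZy1j
        ZXJ0LWJ5dGVz</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Location="https://idp.example.test/adfs/ls/redirect"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <SingleSignOnService Location="https://idp.example.test/adfs/ls/"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def extract_saml_fields(metadata_xml):
    """Return the Issuer, Login URL and signing certificate for the SAML form."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTDs are not expected in SAML metadata; refusing to parse")
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    idp = "md:IDPSSODescriptor/"
    sso = root.find(idp + "md:SingleSignOnService[@Binding='%s']" % HTTP_POST, NS)
    cert = root.find(idp + "md:KeyDescriptor[@use='signing']"
                     "/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if sso is None or cert is None or not (cert.text or "").strip():
        raise ValueError("no HTTP-POST SSO endpoint or signing certificate found")
    cert_b64 = "".join(cert.text.split())  # metadata often wraps the base64
    der = base64.b64decode(cert_b64, validate=True)
    return {"issuer": root.get("entityID"),
            "login_url": sso.get("Location"),
            "signing_certificate": cert_b64,
            # Fingerprint to compare with the IdP administrator out of band.
            "certificate_sha256": hashlib.sha256(der).hexdigest()}
```

Only the first `use="signing"` key is returned; if the metadata lists more than one signing certificate, confirm with the IdP administrator which one is active.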

3.2 Configure Account’s Default Authentication Method

This setting ensures that all new users of the account will use the specified authentication method.

  1. In the Admin portal, open the account details and click on Edit.
  2. Set Default SAML Configuration to your created SAML configuration.
  3. Click Save.

3.3 Configure User’s Authentication

A user can log in either via password (by default) or via SAML. To ensure that the user logs in via SAML, complete the following steps:

  1. Open User Detail and click Edit.
  2. Choose SAML Configuration.
  3. Click Save.

4 Configuring Your IDP

4.1 Name ID Tag

The required NameID attribute should be the email address of the user.

4.2 Sample Configurations

4.2.1 SAP IAS SAML 2.0

Please refer to the following guide if you are integrating with SAP IAS SAML 2.0.

4.2.2 Microsoft ADFS

Please refer to the following guide if you are integrating with Microsoft ADFS.


5 Post-Configuration

5.1 Web App Login

  • After entering the cloud account name on login, users will be directed to the external login page.
  • If SAML has NOT been configured for the user, they can still log in directly to the application with their cloud credentials using the following URL: https://apps.coresystems.net/workforce-management/#/login/password/
  • If SAML has been configured for the user, they are always directed to the external login page.

5.2 Mobile App Login

  • After entering the cloud account name on login, users will be directed to the external login page.
  • To log in with username and password, users who are members of an account that uses SAML by default must enter their e-mail address instead of the account name in order to get to the username / password screen.
  • If SAML is NOT configured for the user, they can log in directly to the application with their cloud credentials.
  • If the user has SAML configured, they will be directed to the external login page.