
IAS for External Learner and Onboardee

SunnyZ
Contributor

Hello all,

We have recently faced an issue that may have been emphasised due to the enforcement of using IAS for External Learners.

Summary
Our customer was looking to onboard one of their external learners (addressed as "User") via the onboarding process, and both platforms/applications (Learning and Onboarding) are connected to the same IAS. This user can then be authenticated when using the email address but cannot log in.

Process
This user is an active external learner using SAP IAS for authentication; the profile was registered with the user's first name, last name and email address. When the onboarding process started, the customer admin provided the same information recorded in the external learning profile, including first name, last name, and the user's email address. The email address then leads to a user sync error in IAS, noting that a profile already exists with the same email address.

Cause (Potentially?)
This user's email address already exists in IAS; the user can pass the IAS authentication but cannot log in successfully, given that the external learning profile uses "firstname.lastname" as username and the onboarding profile uses "potential employee ID" as username. So the user cannot access the portal for onboarding processes.

Temp Fix
We suggested a temporary fix by asking the customer to deactivate this user's external learning profile from LMS. IAS will then delete this user's profile on IAS and free up the email address. Then Onboarding can utilise the email address and allow the user to finish the onboarding process. Once the user is onboarded and created as an employee, the customer admin can merge the 2 learning profiles together and retain the learning history.

Thoughts
However, the customer shouldn't need a "workaround", such as using a different email address or deactivating one of the IAS user profiles. It is a normal and reasonable process for any business to recruit external learners to become a part of the organization. IAS should have gone through the business impacts when pushing for SAP IAS.

Furthermore, if any customers are using "External Learning", "Onboarding", as well as "Pre Day 1 Learning", it may create chaos. The customer admin may have to constantly activate/deactivate different user profiles in IAS to allow users to access different portals, and it will lead to a massive amount of manual work for the admins.

Has anyone faced the same issue before? Or do you predict this may happen in the near future? Please kindly share your thoughts! (A ticket has been raised with SAP and we may be requested to raise an enhancement request....)

Thanks,
Sunny

Amin_Omidy
SAP Champion

Hi Sunny,

Here are key steps to help resolve the issue. If the issue persists, consider creating a case with SAP support for your IAS tenant to review further:

  1. Utilize a unique attribute (e.g., Employee ID or external learner ID) as the IAS username for both Learning and Onboarding profiles. Ensure this attribute remains consistent during user synchronization.
  2. Establish a clear governance process for managing profile transitions from external learner to employee. This may include:
    • Assigning temporary email addresses for onboarding profiles.
    • Automating profile merges post-onboarding to reduce administrative overhead.
  3. Review the integration architecture of IAS, Learning, and Onboarding to ensure no attribute conflicts occur during synchronization.

Hope this helps,

Thanks,

@Amin_Omidy 
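
An added example, not part of the original answer and not SAP code: a pre-sync check in the spirit of step 3 that flags onboarding records whose email address is already held by an IAS profile under a different login name, which is the collision described in the question. The record layout (`login_name`, `email`, `source`) and all sample data are assumptions and do not reflect the IAS schema.

```python
"""Pre-sync check: flag onboarding records whose email already belongs to an
existing profile with a different login name.
Field names (login_name, email, source) are assumed, not the IAS schema."""
from collections import defaultdict


def normalize_email(email):
    # Compare addresses case-insensitively and ignore stray whitespace.
    return email.strip().lower()


def find_sync_conflicts(existing_profiles, incoming_records):
    """Return one finding per incoming record with status
    'ok', 'already_linked' or 'email_conflict'."""
    by_email = defaultdict(list)
    for profile in existing_profiles:
        by_email[normalize_email(profile["email"])].append(profile)

    findings = []
    for record in incoming_records:
        matches = by_email.get(normalize_email(record["email"]), [])
        if not matches:
            status = "ok"                # email is free, sync can proceed
        elif any(m["login_name"] == record["login_name"] for m in matches):
            status = "already_linked"    # same login name and email: same identity
        else:
            status = "email_conflict"    # email held under a different login name
        findings.append({
            "login_name": record["login_name"],
            "email": normalize_email(record["email"]),
            "status": status,
            "existing_login_names": sorted(m["login_name"] for m in matches),
        })
    return findings


# Constructed sample data (not from the thread).
EXISTING = [
    {"login_name": "jane.doe", "email": "Jane.Doe@example.com", "source": "learning"},
    {"login_name": "10042", "email": "sam.lee@example.com", "source": "onboarding"},
]
INCOMING = [
    {"login_name": "PE-20031", "email": "jane.doe@example.com"},  # external learner being hired
    {"login_name": "10042", "email": "sam.lee@example.com"},      # same identity, re-synced
    {"login_name": "PE-20032", "email": "new.hire@example.com"},  # no existing profile
]

if __name__ == "__main__":
    for f in find_sync_conflicts(EXISTING, INCOMING):
        print(f["status"], f["login_name"], f["email"], f["existing_login_names"])
```

Records reported as `email_conflict` are the ones that need the profile-transition process from step 2 before the onboarding sync runs.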

 

j_92
Explorer
0 Kudos
My customer has the same issue for Pre-Day 1. We used the Employee ID from EC/Platform to populate the User ID field in LMS. But after the users are created in LMS via connector, they cannot access Learning with error "Failed to authenticate SAML response...". Initially, I mapped the User ID from EC/Platform