SAP SuccessFactors User Management Guide

• Model type: role-based
• Description: SAP SuccessFactors uses Role-Based Permissions (RBP). Administrators create Permission Roles (defining what actions are allowed) and Permission Groups (defining which users are granted those roles and which target population they apply to). A user's effective permissions are the union of all Permission Roles assigned to them via Permission Groups. RBP replaced the legacy permission model and is the current standard across all modules.
• Custom roles: Yes
• Custom roles plan: Not documented
• Granularity: Permissions are configurable at the module, feature, field, and action level (view, edit, create, delete). Target populations can be scoped by org unit, location, job classification, or custom criteria, enabling fine-grained data access control.

1. Log in to SuccessFactors as an administrator.
2. Navigate to Admin Center (gear icon or top navigation).
3. Under 'Manage Users', select 'Add New User' (for individual creation) or use 'Import and Export Data' for bulk.
4. Enter required user fields: User ID, First Name, Last Name, Email, Username, and Status.
5. Assign the user to the appropriate company (if multi-company instance).
6. Save the user record.
7. Navigate to Admin Center > Set User Permissions > Manage Permission Groups.
8. Add the new user to the relevant Permission Group(s) to grant module access.
9. Optionally assign the user to an org structure (department, division, location) via the employee profile or import.

Required fields: User ID (unique identifier, typically employee ID), Username (used for login), First Name, Last Name, Email Address, Status (Active/Inactive)

Watch out for:

• Creating a user record in 'Manage Users' does not automatically grant any system access; Permission Group assignment is a separate required step.
• User ID and Username must be unique across the instance and cannot be changed after creation without data migration steps.
• In instances using Employee Central, the authoritative user record is the Employee Central profile, not the standalone 'Manage Users' tool. Creating users only in Manage Users without an EC record can cause data inconsistencies.
• Password policies and login methods (SSO vs. username/password) are configured separately in Provisioning or Admin Center and affect whether a newly created user can actually log in.
• New users do not receive a welcome/activation email by default unless the email notification is explicitly configured.

• Can delete users: No
• Delete/deactivate behavior: SAP SuccessFactors does not support permanent deletion of user records through the standard Admin Center UI. The standard practice is to set a user's Status to 'Inactive', which prevents login and removes the user from active workflows. In Employee Central, terminating an employee creates a termination record with an effective date, which triggers the inactive status. Physical deletion of user data may be possible under specific data privacy/GDPR processes via the Data Retention Management tool or SAP support, but this is not a routine administrative action and has strict prerequisites.

1. Navigate to Admin Center > Manage Users.
2. Search for the user by name, User ID, or username.
3. Open the user record.
4. Change the 'Status' field from 'Active' to 'Inactive'.
5. Save the record.
6. For Employee Central users: process a termination event on the employee's Job Information portlet with the appropriate termination date and reason, which will automatically set the user to inactive on the effective date.

Watch out for:

• Deactivating a user in Manage Users does not automatically terminate their Employee Central record; both actions may be required depending on instance configuration.
• Users with pending workflow approvals or open tasks should have those items reassigned before deactivation to avoid process blockages.
• Inactive users may still appear in org charts or reports unless filters are applied; administrators should verify reporting configurations after deactivation.
• GDPR/data privacy deletion requests require use of the Data Retention Management tool and may require SAP support involvement; this is separate from routine deactivation.
• Reactivating a previously inactive user requires manually setting Status back to Active and verifying Permission Group memberships are still correct.

• Where to check usage: Admin Center > Company System and Logo Settings (for total active user count); detailed license consumption reporting is typically available through SAP for Me (support portal) or via your SAP account executive. Some instances have access to 'License Audit' reports under Admin Center > Reporting.
• How to identify unused seats: Run a user activity report or last-login report via Admin Center > Reporting > Ad Hoc Reports or via the Analytics module to identify users who have not logged in within a defined period. Filter the Manage Users list by Status = Active and cross-reference with login history.
• Billing notes: SAP SuccessFactors is licensed on a named-user, per-module basis with annual subscription terms. Implementation fees are typically separate and can equal 100–125% of annual software fees. License counts are typically reconciled annually. Inactive users may or may not count toward license totals depending on contract language; confirm with SAP account team. Multi-module discounts and enterprise agreements are negotiated directly with SAP.

Creating a user in Admin Center > Manage Users does not grant any system access; Permission Group assignment is a mandatory second step that is easy to miss and has no automated reminder. Bulk imports via CSV require exact template adherence-a single formatting error fails the entire job with limited diagnostic output.

Deactivating a user sets their SuccessFactors status to inactive but does not cascade to SSO sessions, downstream systems, or, in Employee Central tenants, the EC termination record, which must be processed separately. Each of these gaps compounds across every app tied to SuccessFactors identity, turning routine offboarding into a multi-system checklist.

Community evidence is not specific enough to quote or summarize yet for this app.

Manual administration is viable for organizations with low user-change velocity and a dedicated HR ops team comfortable with RBP configuration. The process breaks down at scale: bulk import fragility, the absence of cascading deactivation, and opaque license reconciliation all increase error surface as headcount grows.

Teams managing frequent onboarding cycles or multi-module deployments should evaluate whether the manual process can reliably keep every app in sync without automation support. GDPR deletion requests add a separate operational track via the Data Retention Management tool and are outside the standard deactivation workflow entirely.

Bottom line

SAP SuccessFactors manual user management is functional but layered: creating access requires two distinct steps (user record plus Permission Group), removing access requires parallel actions in both Manage Users and Employee Central, and license reconciliation requires SAP account team involvement.

The RBP model is powerful but demands ongoing configuration discipline. Organizations with stable, low-volume user changes can manage this manually;

those with high onboarding or offboarding frequency will accumulate operational debt quickly without a structured process or automation layer to close the gaps between SuccessFactors and every app that depends on it.