Skip to Content
Technical Articles

SAP SuccessFactors Integration with OAuth2SAMLBearerAssertion flow.


This authorization flow allows for propagation of a user’s identity from any client application deployed anywhere all the way through to the asset management service (like SAP SuccessFactors in this instance).

A truly end to end Single Sign On!

Putting it all together.

I divided the SAP SuccessFactors Integration with OAuth2SAMLBearerAssertion authorization flow into the following two categories, namely:

1. SAP SuccessFactors Integration with SAP BTP Destination service comprised of three instalments, namely:

a. with the default [destination service] trust OAuth2SAMLBearerAssertion Flow with SAP BTP Destination Service. SAP SuccessFactors.

b. bring your own trust: OAuth2SAMLBearerAssertion flow with SuccessFactors with Quovadis-SAP destination.

c. Troubleshooting: How to troubleshoot SAP BTP OAuth2SAMLBearerAssertion destination with SuccessFactors?

2. SAP SuccessFactors without additional SAP BTP tie-in with the following instalment, namely:

How to generate SAML bearer assertion token for OAuth2SAMLBearerAssertion flow?

Additionally, when a target resource cannot be hooked to an IdP, I may have found a way to help avoid using a system (technical) user with either the built-in destination service definition or when a saml bearer assertion is generated with custom code.

The approach consists of having a self-issued x509-signed JWT token representing a system user identity as described in the following blog post: Bring your self-made user JWT with Keycloak OIDC.



Additional resources.

SAP SuccessFactors HXM Suite OData API: Developer Guide (V2)

Scenario: User Propagation from the Cloud Foundry Environment to SAP SuccessFactors

Extending SAP SuccessFactors in the Cloud Foundry Environment Manually

How to initiate an OAuth connection to SuccessFactors Employee Central?

SuccessFactors Integration For Beginners – Connecting With OAuth

SAP Cloud Integration – OAuth2 SAML Bearer/X.509 Certificate Authentication Support in SuccessFactors Connector


Be the first to leave a comment
You must be Logged on to comment or reply to a post.