SAP SuccessFactors Integrations – Bidirectional Identity Integration with Microsoft Azure Active Directory
With this blog post we would like to introduce our latest implementation design principle document, about Bidirectional Identity Integration with Microsoft Azure Active Directory, and the team of partners behind it.
The document provides advice on the technical design and configuration of SAP SuccessFactors custom and productized integrations for Identity Provisioning with 3rd Party Identity Providers (IdPs), Active Directory domains (ADs) and their connected applications. As such it covers the following topics:
- Extending and configuring Microsoft Azure Active Directory integration
- Identity Access Management and Security aspects of Identity Provisioning
- Extending existing installation of SAP on-premise HCM and MS AD or 3rd Party HR System installations and Azure AD by custom user provisioning or attribute writeback.
- API best practices for building custom integrations for user provisioning and attribute writeback
Integration Processes in an Identity Management Landscape
When it comes to the integration of Identity Providers and their Active Directory domains, there are three major data flows involved: Identity Provisioning, Access Management and Attribute Writeback.
User or Identity Provisioning is the process of replicating the identity from its source where it is created (or sources as it could be multiple ones) to the target systems where the identity is required. Target systems can be central user repositories such as Microsoft Active Directory (MS AD) or Microsoft Azure Active Directory (MS Azure AD) but also applications connected to the corresponding IdP.
Attribute writeback is the process of writing back information from the Active Directory into the core HR system. The data written back usually includes email, phone, and login usernames. In some cases, photos and further attributes might be added.
Last but not least, there are tools to manage the access rights of the identity, e.g., whether a user should have access to application A or B. This can be done either on the IdP level, by adding or removing users from applications in the IdP, or by changing the permission configuration in the target system. Besides custom integrations, we see products such as SAP Access Control (AC) and SAP Cloud Identity Access Governance (IAG) supporting this process.
The picture above gives an overview of a potential customer landscape consisting of SAP SuccessFactors, SAP Identity Authentication Service and Provisioning Service (IAS and IPS), Microsoft Azure AD Provisioning Service, Microsoft Azure Active Directory and Active Directory (MS AAD and AD), SAP HCM and SAP IDM on-premise. It shows how the identities flow through the system landscape and how attributes are written back again.
As with most of our IDPs, this was a team effort between SAP, Microsoft and our Partners. We would like to acknowledge the contributions of the co-authors Amit Taur, Arijit Kumar Das, Chris Paine, Himadri Chakraborty, Praveen Yaram and Rupesh Kumar (in alphabetical order) to this document:
Amit has over 13 years of experience in SAP HCM and SuccessFactors together. Currently he is working with European customers as a SuccessFactors and Integration Architect.
He likes a fast pace of work and innovation around the technology. His strengths are communication, analytical and technical skills along with implementation strategies and planning. His experience includes in-depth knowledge of SuccessFactors Employee Central, Recruiting and SuccessFactors integration with ERP Backend. He has developed SuccessFactors extension apps, extended many SAP Standard HCM Fiori Apps and also did Fiori LaunchPad configurations. He has worked in implementation, support and rollout projects as well as in all project phases such as sales, quotation, project planning, setup, implementation and go-live. He has good experience in managing teams and projects.
He has been certified in several SuccessFactors modules for years, including SuccessFactors Employee Central; SuccessFactors Full Cloud/Core Hybrid – Integration With ERP; SuccessFactors Talent Hybrid.
Arijit is a Manager in the Human Capital practice at Deloitte Consulting GmbH who is passionate about connecting people and technology, and helping organizations develop and execute their business strategies.
His experience comes from 20+ years of large-scale business-driven technology transformations related to the design and delivery of global and regional SAP implementations and in particular SuccessFactors.
He is a strong performer, results driven, a team player, resilient, confident, honest, empathetic and goal oriented, and has the highest integrity, always putting the needs of the team first. He excels at leading, inspiring and teaming with people to explore new ways of delivering innovation and creating authentic lasting relationships.
Chris, an SAP Mentor, SAP HANA Distinguished Engineer, SAP SuccessFactors community advocate and general outspoken HR Technologist has been implementing SAP HR solutions on premise and in the cloud for over 20 years. He’s Chief HR Geek at Discovery Consulting and proud of it.
He takes great interest in all new SAP technical innovations and has in particular been involved in pushing the envelope of SAP SuccessFactors enhancement solutions built on SAP Business Technology Platform. Whilst these days Chris is often putting together PowerPoint slides on system architecture and integration strategies, he also does get hands-on with the actual technical implementations of solutions.
A frequent presenter at SAP conferences and a prolific contributor to SAP forums (both public and behind the scenes partner discussions), Chris loves to share his thoughts on working better and smarter with SAP technologies. Don’t ask him about blockchain.
Himadri designs, architects, develops and provides consulting solutions to complex integration requirements involving SAP Process Integration (SAP PI), SAP Cloud Platform Integration and SAP AIF. He is currently working as a Senior Manager at EY Australia. Himadri is experienced in several end-to-end SAP integration projects and is currently focusing on SuccessFactors integration using SAP Integration Suite.
He is certified in SAP Cloud Platform Integration and SAP Exchange Infrastructure.
Praveen works as a Solution architect, with expertise in end to end SuccessFactors and SAP implementations.
His expertise includes:
Rupesh is a SuccessFactors Certified HR Solution & Integration Architect with extensive experience of HCM Implementation across different industry sectors. He specializes in Solution, Design and Implementation of Complex and Large HCM transformation with over 15 years of experience. He has solution expertise across HCM Solution, Data Migration, Integration Architecture and Landscape, Cutover Management, 3rd Party Management, ABAP HR and Technical Delivery of RICEFW objects. He is currently with Capgemini as an HR Solution Lead, Integration/Technical Architect.
Conclusion and Outlook
The new Microsoft Azure Active Directory integration is a major step toward simplifying the integration between SAP SuccessFactors and Microsoft’s Identity Management solution, and it replaces the SAP-delivered integration template offered on the API Business Hub. Stay tuned for more content about this topic from our partners and their contribution to this implementation design principle document:
Rupesh Kumar: Wait is over! – SAP SuccessFactors Bidirectional Integration IDP (includes global assignment and concurrent employment scenarios) | SAP Blogs
Arijit Kumar Das: When it comes to Identity we are truly spoilt for choices | SAP Blogs