Using X.509 based authentication with SAP SuccessFactors Intelligent Service Center > Integration Center and Cloud Integration
Dear SAP community,
In this blog posting we will see one sample connecting SAP SuccessFactors Intelligent Service Center(ISC) > Integration Center(IC) > Cloud Integration (CPI) with X.509 based authentication (client certificate key) generated in Admin center > Security Center.
This method can be used to have better security instead of using Basic Authentication.
Let’s check the activity in the sequence.
Access the SAP SuccessFactors > Admin center > Security Center > X509 Certificates > “Add” button and fill the details like the sample below:
For your reference, we used the selections:
- Certification Authority (CA) = SAP Cloud Root CA
Signature Algorithm = SHA256WithRSA
Valid Until = max 1 year > please notice that you will need to get this certificate renewed post 1 year.
After you create your entry like the sample above, click in the “Download” > “X509 Certificate” > and save the file with .CRT extension in your computer to be used later (step 03).
Open the Admin center > Intelligent Service Center > Find your event > click in the right side to add one “Integration” from the “Custom Activities”, this will open your Integration center tool.
- Note = This post does not cover all the details/expertise required for ISC and IC setup, we will jump direct to the IC > “Destination Settings” part. If you want to learn more, please check the handbooks (ISC, ISC 02, IC).
Create one Integration center Interface and just Save to be used later (step 04).
In the sample above, we created this integration center Interface named “ISC_IC_CPI_SAP” that will be triggered “When event is published”.
Don’t forget that in ISC you need to use the button “Actions” > “Save Flow“.
Access your SAP Cloud Integration tenant and create your custom artifact to receive this incoming API call from Integration center.
One easy way to achieve this is using HTTPS connector. Under “Connection”, select the field “Authentication” the option “Client Certificate”.
Using the button “Add”, select the file with .CRT extension created in the step 01 stored locally in your computer and upload in your tenant. Save and deploy your artifact!
Open your Admin center > Integration Center > “Destination Settings” and edit the integration created in the step 02 from your ISC custom activity.
In the sample above, we used the REST API URL from the CPI (step 03) and the Authentication Type “Client based Authentication”. In the field X509 Certificate = we selected from the dropdown the certificate created in the initial part of Security center (step 01).
The mentioned steps above covered in general the end to end setup.
Certificate based authentication (X.509) is the market standard secure way of API connectivity.
Using the steps of this blog posting, the objective was helping our customers and partners achieving the same with SAP cloud tools:
- SAP SuccessFactors Intelligent Service Center (ISC)
- Integration Center (IC)
- SAP Cloud Integration (CPI) (or formerly called HCI or SCPI).
In the step 03 of this blog, we asked to use HTTPS connector. Under “Connection”, select the field “Authentication” the option “Client Certificate”.
Actually there is one better option, kindly check this other blog, where is suggested to use “User Role” instead of “Client Certificate”.
Client certificate based authentication from SAP SuccessFactors Integration Center to SAP Cloud Integration | SAP Blogs
Hope this sample could be helpful for you 🙂