Human Capital Management Blogs by SAP
Get insider info on HCM solutions for core HR and payroll, time and attendance, talent management, employee experience management, and more in this SAP blog.
cancel
Showing results for 
Search instead for 
Did you mean: 
former_member18168
Product and Topic Expert
Product and Topic Expert
Dear SAP community,

Summary:


In this blog posting we will see one sample connecting SAP SuccessFactors Intelligent Service Center(ISC) > Integration Center(IC) > Cloud Integration (CPI) with X.509 based authentication (client certificate key) generated in Admin center > Security Center.

This method can be used to have better security instead of using Basic Authentication.

Let's check the activity in the sequence.


01)


Access the SAP SuccessFactors > Admin center > Security Center > X509 Certificates > "Add" button and fill the details like the sample below:


For your reference, we used the selections:


  • Certification Authority (CA) = SAP Cloud Root CA


  • Signature Algorithm = SHA256WithRSA


  • Valid Until = max 1 year > please notice that you will need to get this certificate renewed post 1 year.


After you create your entry like the sample above, click in the "Download" > "X509 Certificate" > and save the file with .CRT extension in your computer to be used later (step 03).


02)


Open the Admin center > Intelligent Service Center > Find your event > click in the right side to add one "Integration" from the "Custom Activities", this will open your Integration center tool.




  • Note = This post does not cover all the details/expertise required for ISC and IC setup, we will jump direct to the IC > "Destination Settings" part. If you want to learn more, please check the handbooks (ISC, ISC 02IC).


Create one Integration center Interface and just Save to be used later (step 04).


In the sample above, we created this integration center Interface named "ISC_IC_CPI_SAP" that will be triggered "When event is published".

Don't forget that in ISC you need to use the button "Actions" > "Save Flow".


03)


Access your SAP Cloud Integration tenant and create your custom artifact to receive this incoming API call from Integration center.

One easy way to achieve this is using HTTPS connector. Under "Connection", select the field "Authentication" the option "Client Certificate".

Using the button "Add", select the file with .CRT extension created in the step 01 stored locally in your computer and upload in your tenant. Save and deploy your artifact!


 

After you deploy, you can get your endpoint generated in the Overview > Manage Integration Content > your artifact name.



This endpoint will be used in the Integration center "Destination Settings" (next step).


 

04)


Open your Admin center > Integration Center > "Destination Settings" and edit the integration created in the step 02 from your ISC custom activity.


In the sample above, we used the REST API URL from the CPI (step 03) and the Authentication Type "Client based Authentication". In the field X509 Certificate = we selected from the dropdown the certificate created in the initial part of Security center (step 01).

 

05)


The mentioned steps above covered in general the end to end setup.

When your ISC event is triggered, this will send the message to IC and later on to your CPI custom artifact.


If everything was setup correctly, will see the successful message in your Monitor from your tenant.



 

Conclusion:


Certificate based authentication (X.509) is the market standard secure way of API connectivity.

Using the steps of this blog posting, the objective was helping our customers and partners achieving the same with SAP cloud tools:

  • SAP SuccessFactors Intelligent Service Center (ISC)

  • Integration Center (IC)

  • SAP Cloud Integration (CPI) (or formerly called HCI or SCPI).


 

Update 26-May-2022:

In the step 03 of this blog, we asked to use HTTPS connector. Under "Connection", select the field "Authentication" the option "Client Certificate".

Actually there is one better option, kindly check this other blog, where is suggested to use "User Role" instead of "Client Certificate".

Client certificate based authentication from SAP SuccessFactors Integration Center to SAP Cloud Inte...

 

 

 

Hope this sample could be helpful for you 🙂

Cheers

Soliman