Bidirectional integration between SAP SuccessFactors & Azure Active Directory in Microsoft Azure Enterprise applications – Part 2 – Technical configuration for SuccessFactors Writeback
This blog is a continuation of “Part 1 – Technical configuration for SAP SuccessFactors to Azure Active Directory user provisioning”.
In this section, we focus on the technical configuration for SuccessFactors Writeback.
For this demonstration, I have already created an Azure AD tenant and am using SAP SuccessFactors & Azure trial accounts for the POC.
We can use the same API user (SFAPI2) that we created in Part 1 (steps 1 to 4).
Steps to perform in SAP SuccessFactors
Step 1: The SuccessFactors Writeback provisioning app uses certain code values to identify email in Employee Central.
1.1 In SuccessFactors Admin Center, search for Manage business configuration.
1.2 Under HRIS Elements, select emailInfo and click on the Details for the email-type field.
1.3 On the email-type details page, note down the name of the picklist associated with this field. By default, it is ecEmailType. However, it may be different in your tenant.
Step 2: Retrieve the constant value for emailType
2.1 In SuccessFactors Admin Center, search and open Picklist Center.
2.2 Use the name of the email picklist captured from the previous section (e.g. ecEmailType) to find the email picklist.
2.3 Open the active email picklist.
2.4 On the email type picklist page, select the Business email type.
2.5 Note down the Option ID associated with the Business email. This is the code that we will use with emailType in the attribute-mapping table.
Steps to perform in Microsoft Azure AD
Step 3: Add the provisioning connector app and configure connectivity to SuccessFactors
To configure SuccessFactors Writeback:
3.1 Log in to the Azure Portal.
3.2 In the left navigation bar, select Azure Active Directory.
3.3 Select Enterprise Applications.
3.4 Select All Applications and select Add an application.
3.5 Search for “SuccessFactors Writeback” and select it.
3.6 Click Create to add that app from the gallery.
3.7 Wait until the application “SuccessFactors Writeback” has been added.
3.8 After the app is added and the app details screen is shown, select Provisioning.
3.9 Click “Get Started”.
3.10 Change the Provisioning Mode to Automatic
3.11 Complete the Admin Credentials section as below and test the connection.
3.13 Once the credentials are saved successfully, the Mappings section will display the default mapping. Refresh the page if the attribute mappings are not visible.
Step 4: Configure attribute mappings
4.1 On the Provisioning tab under Mappings, click Provision Azure Active Directory Users.
4.2 In the Source Object Scope field, you can select which sets of users in Azure AD should be considered for write-back, by defining a set of attribute-based filters. The default scope is “all users in Azure AD”.
4.3 The Target Object Actions field only supports the Update operation.
Step 5: Enable and launch user provisioning
5.1 In the Provisioning tab, set the Provisioning Status to On.
5.2 Select Scope. You can select from one of the following options:
Option 1: Sync all users and groups: Select this option if you plan to write back mapped attributes of all users from Azure AD to SuccessFactors, subject to the scoping rules defined under Mappings -> Source Object Scope.
Option 2: Sync only assigned users and groups: Select this option if you plan to write back mapped attributes of only users that you have assigned to this application in the Application -> Manage -> Users and groups menu option. These users are also subject to the scoping rules defined under Mappings -> Source Object Scope.
Note: I have selected Option 1, so all users will get synced.
5.3 Click Save.
5.4 This operation will start the initial sync, which can take a variable number of hours depending on how many users are in the Azure AD tenant and the scope defined for the operation. You can check the progress bar to track the progress of the sync cycle.
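The two scope layers from steps 4.2 and 5.2 combine as sketched below; this is an added example, not code from the original post or from Microsoft, and it is a simplified model of the rules described above. The user records, the `employeeId` filter clause and the function names are constructed for illustration.

```python
# Added illustration: which Azure AD users become writeback candidates under
# Option 1 / Option 2 (step 5.2) combined with Source Object Scope (step 4.2).
# All users, attributes and clauses below are constructed sample data.

def passes_filter(user, clauses):
    """Source Object Scope: every clause must match; no clauses means all users."""
    for attr, op, value in clauses:
        actual = user.get(attr)
        if op == "EQUALS":
            if actual != value:
                return False
        elif op == "IS NOT NULL":
            if not actual:
                return False
        else:
            # Refuse to guess: an unmodelled operator must not widen the scope.
            raise ValueError(f"unsupported operator in this sketch: {op}")
    return True

def writeback_candidates(users, mode, assigned, clauses):
    """Return the UPNs eligible for writeback.

    mode     -- "all" (Option 1) or "assigned" (Option 2)
    assigned -- set of UPNs assigned under Users and groups
    clauses  -- list of (attribute, operator, value) scoping clauses
    """
    if mode not in ("all", "assigned"):
        raise ValueError(f"unknown scope mode: {mode}")
    selected = []
    for user in users:
        upn = user["userPrincipalName"]
        if mode == "assigned" and upn not in assigned:
            continue  # Option 2: unassigned users are never considered
        if passes_filter(user, clauses):
            selected.append(upn)
    return selected

# Constructed sample directory: an employee, a service account, a guest.
USERS = [
    {"userPrincipalName": "alice@example.com", "employeeId": "1001"},
    {"userPrincipalName": "svc-backup@example.com", "employeeId": None},
    {"userPrincipalName": "guest@example.com", "employeeId": None},
]
ONLY_EMPLOYEES = [("employeeId", "IS NOT NULL", None)]

if __name__ == "__main__":
    print("Option 1, no filter:", writeback_candidates(USERS, "all", set(), []))
    print("Option 1, filtered: ",
          writeback_candidates(USERS, "all", set(), ONLY_EMPLOYEES))
```

With Option 1 and the default scope, every account in the tenant, including service and guest accounts, is a writeback candidate, so a scoping filter or Option 2 is what keeps the set limited to the intended employees.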
Great Guide, thank you for sharing!
One question: How did you handle the mandatory country code field in SF?
We are always running into an error, saying the field can't be blank.
It's not part of the mapping
Please check if you have made some changes in country step 6.4.
We have not faced any issue in the country code field in SF.
It looks like the admin credentials section in Azure AD has changed the required fields. Now the admin credentials section asks for the tenant URL and secret token.
Does anyone have any idea how to establish the connection using a secret token?
Thanks in advance.