Technical Articles
SAP SuccessFactors Productized Integrations supporting secure authentication mechanism
Abstract:
As per the 2H 2020 announcement: Planned Retirement of HTTP Basic Authentication (SFAPI/ODATA API) , all the productized integrations built by SAP SuccessFactors is now updated with secure OAuth2.0 authentication for inbound API calls to SAP SuccessFactors.
Pre-Read:
Migrating SAP SuccessFactors API Calls from Basic Authentication to OAuth 2.0 | SAP Blogs
FAQ:
- What is meant by “SAP SuccessFactors Productized integrations”?
SAP SuccessFactors product team has the ownership of the integration processes/flows.
- As a customer what are the migration activities for “SAP SuccessFactors Productized integrations”?
1. Ensure the Integration process is on the latest version (Boomi / SAP Cloud Integration)
2. As these are configure-only integrations, as a customer you would need to create the credential in SAP Cloud Integration or Configure the Environment extension in Boomi by following the respective SAP help material
3. Post the deployment ensure to test the Integration process/flow
Note:
In case of any errors faced during the migration activities please raise a support incident to components: LOD-SF-INT-BOM (Boomi related) LOF-SF-INT-HCI (SAP Cloud Integration related)
For the questions related to SAP SuccessFactors OAuth2.0, please raise it in Partner Delivery Community (SAP Partner) , SAP SuccessFactors Customer community / Ask a Question | SAP Community (SAP Customer)
- What credential type needs to be created in SAP Cloud Integration for SAP SuccessFactors adapter to migrate from Basic to OAuth2.0?
The credential type = OAuth2 SAML Bearer Assertion, the following SAP Blog post explains the steps for creating the credential type SAP Cloud Integration – OAuth2 SAML Bearer/X.509 Certificate Authentication Support in SuccessFactors Connector | SAP Blogs
- Should the process flow in Boomi/SAP Cloud Integration be re-deployed after migration from Basic to OAuth2 authentication for SAP SuccessFactors Productized Integrations? (Assuming that SAP has enabled the OAuth2 authentication in the SAP SuccessFactors productized integrations)
SAP Cloud Integration: Yes, the integration flow artefact must be re-deployed
Boomi: No need to re-deploy the standard integration package, configuring the connection in environment extension and saving the configuration is enough
List of integrations:
SAP SuccessFactors Productized Integrations and the relevant SAP Help material
3rd Party to SAP SuccessFactors Employee Central
3rd Party to SAP SuccessFactors Recruiting
| Scenario | Middleware | SAP Help material link |
| Integrating SAP SuccessFactors Recruiting with Third Party Assessment Vendor – People Answers | SAP Cloud Integration | https://help.sap.com/viewer/b09f9a94159a40968e8398c1abc01963/latest/en-US/cbc2bd95f98a42239eb4567f97669aed.html |
| Integrating SAP SuccessFactors Recruiting with Third Party Assessment Vendor-Generic Template | SAP Cloud Integration | https://help.sap.com/viewer/670a87748bf544a7acee378a2c9905f0/latest/en-US/ecb393601b894ff2bd78307ee5c58378.html |
| Integrating SAP SuccessFactors Recruiting with Third Party Assessment Vendor – People Answers | Boomi | https://help.sap.com/viewer/a8a625c0b6214f8fa066e769b5e93992/latest/en-US/92f354b145d247ffac1185384b91167e.html |
Employee Central Integration with SAP S/4HANA On Premise or SAP ERP Systems
| Scenario | Middleware | SAP Help material link |
| Side-by-Side Deployment Option: Use Employee Central as system of records for a subset of employees and retain the on-premise system as the core HR system for another subset of employees | Boomi/SAP Cloud Integration | https://help.sap.com/viewer/cedb0e80668d491e8c9380f451558f2d/latest/en-US |
| Core Hybrid Deployment Option: Use Employee Central as system of record for all employees and retain the on-premise system for specific processes, such as Payroll or Time Management | Boomi/SAP Cloud Integration | https://help.sap.com/viewer/cedb0e80668d491e8c9380f451558f2d/latest/en-US |
SAP SuccessFactors and SAP Fieldglass Integration
| Scenario | Middleware | SAP Help Material link |
| Using SAP Fieldglass with Employee Central | SAP Cloud Integration | https://help.sap.com/viewer/273e3d27f7ad4a45a14e41419030a590/latest/en-US/08cddc1108e840b98cd44c1f7598878d.html |
Conclusion:
In case you are a SAP partner or customer you can listen to Gerald Reinhard and Karthick Chandrasekaran in this webinar to get more information about the migration from Basic Authentication to OAuth 2.0. Slides are available here.
We will share more information in future with our customers and partners through webinars and this customer community blog.
Also please follow the SAP SuccessFactors | SAP Community, for further updates.
Hi Karthick,
Am trying to integrate DataSphere with Successfactors via Oauth. I am using the info shown in the screenshot. Am not sure on what to fill for the Oauth API Endpoint field highlighted. I generated the SAML assertion separately as described in https://launchpad.support.sap.com/#/notes/3031657. Should I use this Assertion string as the OAuth API endpoint? If not what should I use here or where can I find my OAuth API endpoint? I am using https://apisalesdemo8.successfactors.com/oauth/token as my token endpoint. Link to the doc I am using https://help.sap.com/docs/SAP_DATASPHERE/be5967d099974c69b77f4549425ca4c0/39df02030d4b411487bacecf9afea4e8.html.
Thx
-ravi
Hi Karthick,
I got it to work by using /oauth/idp as the endpoint. Datasphere doc says not to use this without giving a [proper alternative.
Thanks
-ravi