Skip to Content
User Experience Insights
Author's profile photo jayshri tamrakar

How to restrict contingent worker to access SuccessFactors Internal Career Site via SAP Identity Authentication Services (IAS)?

Introduction:

I am here again to share experience from project. Customer is implementing SuccessFactors Recruiting Marketing for both Internal and External Employees and requirement is to restrict contingent workers to access Internal Career Site.

All employees including contingent workers will be synced in SAP Identity Authentication Services (IAS) as contingent workers will be accessing all SuccessFactors modules except Internal Career Site and authentication will be done in SAP Identity Authentication Services (IAS). Contingent workers can be restricted to access SuccessFactors Internal Career Site via SAP Identity Authentication Services (IAS).

 

Prerequisites:

  1. Identity Authentication Service (IAS) for SAP SuccessFactors is enabled.

Check SAP blog to enable SAP Cloud Platform Identity Authentication through Upgrade Center:

https://blogs.sap.com/2020/09/25/integrate-sap-successfactors-solutions-with-sap-cloud-platform-identity-authentication-through-the-upgrade-center/

  1. IAS is setup for SuccessFactors Internal Career Site

https://blogs.sap.com/2022/07/03/setting-up-ias-for-recruiting-internal-career-site/

 

Process steps:

Step 1: Create a User Group in SAP Identity Authentication Services (IAS) as an administrator.

    • Login into SAP Identity Authentication Services
    • Goto “Users & Authentications”
    • Select “User Groups” option and click on “Create” button
    • Provide Group Name, Display Name and Description

IAS%20-%20Create%20User%20Group

IAS – Create User Group

Step 2: Create Risk-Based Authentication Rule in SAP Identity Authentication Services.

    • Goto “Applications & Resources”
    • Select “Applications” option
    • Select “Career Site Builder” application from Bundled Applications
    • Click on “Authentication and Access” tab

IAS%20-%20Risk-Based%20Authentication%201

 

    • Click on “Risk-Based Authentication” option
    • Click on “Create Rule” button
    • Select “User Groups” option and click on “Create” button
    • Update “Action = Deny”
    • Select “Group = ContingentWorker”, created in previous step.
    • Click on “Create” button
    • IAS%20-%20Risk-Based%20Authentication%20Rule
    • Maintain “Default Action = Allow”

IAS%20-%20Risk-Based%20Authentication%202

IAS – Risk-Based Authentication 2

 

Step 3: Find out field in SuccessFactors OData API.

Check SAP handbook for OData API SAP SuccessFactors HXM Suite OData API: Reference Guide (V2).

If field is available in OData API then it can be utilized in Identity Provisioning Services (IPS) Transformation logic to filter contigent worker and add them in right group.

OData%20API%20-%20isContingentWorker

OData API – isContingentWorker

Step 4: Find out query URL to understand how to write the transformation logic and understand where this field is available like in PersonKeyNav etc.

    • Login into SuccessFactors
    • Search Integration Center in Search Tool
    • Select “My Integration” option
    • Click on Create -> Schedule Simple File Output Integration -> Select the fields for query -> click on Select button

Integration%20Center%20-%20Create%20Query

Integration Center – Create Query

Integration Center – Select fields

    • Click on “Save” button and select “Export Integration Specification”

Integration Center – Export OData API Query

    • It will generate OData API Query file

Integration%20Centre%20-%20OData%20Query

Integration Center – OData Query

 

Step 5: Write Transformation logic in Identity Provisioning Services (IPS) – Source System.

    • Login into Identity Provisioning Services (IPS) as an administrator.
    • Goto “Source System”
    • Select “SuccessFactors” as source system
    • Click on “Transformations” option
    • Add the code as highlighted below in screen shot where “custom07” is field (is contingent worker) in EC with User record and “ADP_ID” is variable to hold the field value.

IAS%20-%20Source%20-%20Transformation%20Logic

IPS – Source – Transformation Logic

 

Step 6: Write Transformation logic in Identity Provisioning Services (IPS) – Target System.

    • Goto “Target System”
    • Select “Identity Authentication Services” as target system
    • Click on “Transformations” option
    • Add the code as highlighted below in screen shot where if “ADP_ID” value is “true” then employee will be added in Identity Authentication Services (IAS) User Group (in our case User Group = ContingentWorker).

IPS – Target – Transformation Logic

 

Step 7: Update User attribute in Identity Provisioning Services (IPS) – Source System.

    • Goto “Source System”
    • Select “SuccessFactors” as source system
    • Click on “Properties” option
    • Add “custom07” field in sf.user.attribues property.

IPS – User Attribute

 

Step 8: Run the “Read” job to update the employees in right group.

 

Conclusion:

With this process and transformation logic contingent worker will be restricted to access SuccessFactors Internal Career Sites.

Thanks for the read! I will be happy to address any further question in the comments.

See you soon with a new blog!

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.