Setting Up Point-to-Point Integration with Client-certificate based Authentication in Employee Central Payroll
Setting up a point-to-point integration with client-certificate based authentication between Employee Central Payroll and SuccessFactors can provide an added layer of security for sensitive payroll data. Here are the general steps to set up such integration:
- Obtain client certificates: Both Employee Central Payroll and SuccessFactors must have their own client certificates. These certificates are used to identify the systems during the authentication process.
- Configure the systems: In Employee Central Payroll and SuccessFactors, configure the integration settings to use client-certificate based authentication. This includes specifying the certificate file and the private key.
- Exchange certificates: The two systems must exchange their client certificates. This is done by sharing the certificate files between the systems.
- Test the integration: Test the integration to ensure that the two systems are able to communicate securely.
- Set up the data mapping: Map the data fields between Employee Central Payroll and SuccessFactors. This ensures that the data is passed between the systems correctly.
- Configure security: Configure the security settings for the integration, such as setting up roles and permissions for users.
- Monitor and maintain the integration: Monitor the integration to ensure that it is working correctly and make any necessary adjustments. It is important to keep the client certificates updated and maintain the integration settings to ensure that the communication between the systems remains secure.
It’s important to note that this is a high-level overview of the process and the actual implementation may require additional steps and expertise.
In this blog I am going to show that how we can connect ECP with EC system using Client Certificate. Please follow the procedure as given below:
A. Start transaction STRUST in ECP and export the public key as described in Exporting Client Certificates from STRUST.
- Run transaction STRUST in the Customizing for Integration Settings for SuccessFactors Employee Central Payroll Certificate Handling Export Certificates
- From the left pane, select the SSL client certificate 100_SD.
- Double click on the certificate displayed in Subject of the Own Certificate section.
- Choose the edit icon and choose Export Certificate.
- In the Export Certificate dialog box, browse the file path in
- which you want to export the certificate. Provide a file name with .cer extension.
- Choose File Format as Base64. Choose OK.
The certificate is exported to the selected file path.
In the Employee Central Security Center, import the public key as described in Importing Client Certificates to the Security Center.
B. Importing Client Certificates to the Security Center
Exported certificate can be uploaded to Employee Central using the Security Center.
- First Check role based permissions for Security Center
- In the Employee Central system, go to the Security Center.
- Select 509 Public Certificate Mapping.
- Choose Add.
- Provide the following data:
|Configuration Name||Example: New X509 Certificate Mapping|
|Integration Name||Default is Employee Central Payroll|
|Certificate File||Select the corresponding file with the cer extension.|
|Login Name||Is the Employee Central user you defined in Granting Permissions for Full Access to the CompoundEmployee API|
- Choose Upload File.
The certificate is imported to the selected file path.
Now check the Connection between ECP and EC
- Goto Tcode HRSFEC_PTP_CONFIG in Employee Central Payroll System
- Choose Connect with X.509 Certificate
- In SSL Certificate Select 100_SD and Click on Execute
- Click on back and Now select Ping Employee Central APIs and all options under it and execute it
Now EC and ECP both systems are connected.
For more information please refer to KBA Note 3167173 – Setting Up Point-to-Point Integration with Client-certificate based Authentication
Connecting Employee Central Payroll with SuccessFactors can provide a seamless integration of payroll and human resource management processes. By integrating these two systems, organizations can improve data accuracy, reduce manual errors, and automate HR processes. This can lead to cost savings, increased efficiency, and improved compliance.
One of the main benefits of connecting Employee Central Payroll with SuccessFactors is that it allows for real-time data synchronization. This means that when an employee’s information is updated in one system, it is automatically updated in the other system. For example, when an employee’s salary is updated in Employee Central Payroll, it is automatically reflected in SuccessFactors. This eliminates the need for manual data entry and reduces the risk of errors.
Another benefit of connecting these two systems is that it allows for automated HR processes. For example, when an employee is hired or terminated in SuccessFactors, the information is automatically sent to Employee Central Payroll. This eliminates the need for manual entry and ensures that the employee’s payroll information is up-to-date.
In addition, connecting Employee Central Payroll with SuccessFactors allows organizations to improve compliance. By ensuring that all employee data is accurate and up-to-date, organizations can avoid compliance issues and ensure that they are in compliance with relevant laws and regulations.
To connect Employee Central Payroll with SuccessFactors, organizations need to have an instance of Employee Central Payroll and an instance of SuccessFactors. Next, they need to configure the integration by setting up the connection between the two systems. This can be done by configuring the integration settings in both systems and by mapping the data fields between the two systems.
Once the integration is set up, organizations can start using the integrated system. For example, they can use SuccessFactors to create new employees and Employee Central Payroll to calculate payroll.
In conclusion, connecting Employee Central Payroll with SuccessFactors can provide organizations with a seamless integration of payroll and human resource management processes. By integrating these two systems, organizations can improve data accuracy, reduce manual errors, and automate HR processes. This can lead to cost savings, increased efficiency, and improved compliance. It is important to note that the integration setup requires technical expertise and it is recommended to consult with experts in the field before proceeding
I hope this blog will help many of our friends who are struggling in connecting EC and ECP using Certificate.
Thanks Lalit ! Very well explained.
Amazing Blog Lalit! Clearly depicted the step by step process and this showcases your expertise in this area!!
Thank you very much Swathi
This is really a great help to setup Point-to-Point Integration with Client-certificate based Authentication.
We are facing an issue stating ICMPROXY error after following the steps mentioned in the blog while pinging Employee Central API from ECP system.
Kindly suggest for further steps be followed in order to avoid ICMPROXY error.
Please refer to Resolution no. 4 in KBA Note 2732200.
Thank you very much Lalit !!
Point 4 in KBA helped to overcome the issue
Cause: Wrong configuration in the SICF > F8 > client > proxy settings > http and https protocols
Resolution: check under SICF > F8 > client > proxy settings > http and https protocols, if you have some proxy, check if this proxy is accepting the calls. Maybe removing the proxy from the parameters will resolve the issue - sample NIECONN_REFUSED(-10)
Happy to know that your issue resolved. 🙂
Excellent and very detailed step wise procedure to setup EC-ECP PTP configuration.
Nice to read and very helpful.