PGP deployment for SuccessFactors LMS
This blog can be helpful for the clients or consultants who wish to learn more about PGP’s fundamental principles or for those who are just getting started with PGP’s deployment for the SF LMS module.
What is PGP and why is it useful in SFLMS:
PGP is a widely used encryption program to encrypt and decrypt files. PGP uses a variation of the public key (PK) system where each user has a publicly known encryption key and a private key known only to that user. The LMS connectors have the ability to process PGP encrypted input files.
Since most of us export user data from EC to LMS with the help of Integration Centre (IC) now so PGP is being applied in outbound file on IC side so that encrypted user data file (UDF) should get destination in the SFTP server. From SFTP, LMS SF user connector picks up the UDF and decrypt further.
The advantage of PGP deployment in this case is that user data files are not made publicly available, especially on SFTP servers, and user data is safeguarded because anyone with the necessary credentials can log into SFTP. As of now, my scenario only covers the SFTP provided by the SAP rather any other 3rd party SFTP server.
Let’s move through the process step by step to show how PGP keys are created and used in IC. I’m not concentrating on PGP deployment errors here because they could be too complex for SF consultants to understand. Instead, you should adhere to the steps listed below for a successful PGP deployment for SFLMS.
PGP Deployment Steps :
Step 1– Get the Public, Private (Secret) & passcode from the client with below info.
Algorithm – RSA
Key size – 2048 or 4096 bits (recommended)
Expiry – Never (recommended)
Passphrase- Alphanumeric (with/without special character)
So at this stage – you will have 3 major details with you:
1- Public Key
2- Private Key
Step 2 – Open SF application > navigate Security Centre > PGP File Encryption Keys > Click on Import a Key > Pick appropriate name and search and upload the Public key provided by the client or generated by you (.asc file) > Click on Import Key
Step 3 -Now go to Integration Centre > Open the outbound file > Navigate Destination Settings > select the key which you have imported in previous step as below snip > Save & Run the IC job
Step 4 – Open SFTP server and check the UDF, it should be encrypted format exp:- user_data.csv.pgp
Step 5 – If the provided PGP keys are not encoded in base64 format so please encode them thru https://www.base64encode.org/. Below snip is FYR
Step 6 -Now in order LMS SF user connector to fetch the file from SFTP and decrypt further, we need to do few configs changes in LMS:
Connector Configuration in LMS
Once input files are encrypted and ready for connector processing, the following properties need to be configured via LMS Admin > System Administration > Configuration > System Configuration > CONNECTORS
# PGP setup for decryption of input files
connector.pgp.public.keyring= mentioned PGP public base 64 encoded key
connector.pgp.secret.keyring=mentioned PGP private base 64 encoded key
Navigate User Connector – SF > set the timings > Apply Changes and wait for successful connector run.
I hope this blog will assist the consultant in implementing PGP for the SFLMS module for the first time or client, who wants to see the entire PGP process flow for SFLMS module.
Just to summarize in this blog- we have seen:
1- Usability of PGP in SFLMS
2- PGP deployment in SFLMS
You may share your feedback or thoughts in a comment.