SAP Knowledge Base Article - Public

2825324 - Prevent the import of unsecured content


Is it possible to prevent the import of unsecured content?

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."


SAP SuccessFactors HXM Suite


Since 2H 2023 release, for systems that are created after July 5, 2023 and not cloned from a system created before that time, Security Scan for User Input Enabled by Default in New Systems.

  • Before 2105 release, the Security Scan of User Inputs option only worked in Employee Central-enabled instances. After 2105 release deployment, Employee Import files can also be scanned. For example, fields containing cross-site scripting are detected, skipped, and reported in the import status email.

  • You can now better prevent the import of unsecured content with Employee Import.

  • This applies to basic and extended user import.

  • When the "Security Scan of User Inputs" option is enabled, and fields containing unsecured scripts, such as cross-site scripting, are detected, the import ignores the fields send report via import status email.

To Enable:

  1. Admin Centre
  2. Platform Feature Settings
  3. Select checkbox for Security Scan of User Inputs
  4. Save

KBA Image.png

See Also

Enabling User Input Validation | SAP Help Portal


Security Scan ,  User Inputs , Unsecured content , Release 2105, PLA-6358 , KBA , LOD-SF-PLT-UIM , Employee Import Issues , Product Enhancement


SAP SuccessFactors HCM all versions