Symptom
From October 2020, customers will not be able to create a new API Option Profile with the default insecure password in Admin Center -> Add API Option Profile page, as the following options will be removed:
-
- Use the Username
- Use the UserID
- Use the email address
Customers wish to understand what options are available to handle this via API
Environment
SAP SuccessFactors HCM Suite
Resolution
There are two available options to handle this scenario via API: random passwords and providing the password of your choice inside the payload
- OPTION 1: Random password
- SFAPI: Use the RANDOWM_PWD and the sendWelcomeMessage parameters, so as to create a random PW and send an email the user's email account:
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
<Body>
<upsert xmlns="urn:sfobject.sfapi.successfactors.com">
<type>User</type>
<sfobject>
<type>User</type>
<username>testTest</username>
<externalId>1234567</externalId>
<status>active</status>
<email>test@sap.com</email>
</sfobject>
<processingParam>
<name>defaultPasswordField</name>
<value>RANDOM_PWD</value>
</processingParam>
<processingParam>
<name>sendWelcomeMessage</name>
<value>true</value>
</processingParam>
</upsert>
</Body>
</Envelope> - OData: use the API Option Profile and include the parameter apiOptionProfileID in the OData POST url:
- SFAPI: Use the RANDOWM_PWD and the sendWelcomeMessage parameters, so as to create a random PW and send an email the user's email account:
- OPTION 2: Provide the initial password of your choice inside the payload <password>yourpwd</password>
- SFAPI: Sample payload:
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
<Body>
<upsert xmlns="urn:sfobject.sfapi.successfactors.com">
<type>User</type>
<sfobject>
<type>User</type>
<username>testTest</username>
<externalId>1234567</externalId>
<status>active</status>
<email>test@sap.com</email>
<password>initial123</password>
</sfobject>
</upsert>
</Body>
</Envelope> - OData: POST call on https://[API URL]/odata/v2/upsert? with e.g. Body:
{"__metadata": {"uri": "User('testTest')","type": "SFOData.User"},"password": "initial123"}
- SFAPI: Sample payload:
IMPORTANT:
Parameter values USERNAME, externalId, EMAIL, FIRSTNAME, and LASTNAME are unsafe password values. We recommend that you use system-generated random passwords (RANDOM_PWD) when creating users. You can enable the Use System Generated Password by Default option in Admin Center Platform Feature Settings to force all new and existing API requests to use system-generated random passwords except for the ones with values specified in the password field. Note that you need to review your existing API calls to make sure they continue to work after enabling the option. For additional details, please review defaultPasswordField in sections 6.7. Optional Business Processing Parameters and 6.13 Passwords of our SAP SuccessFactors HCM Suite SFAPI: Developer Guide
See Also
- Customer Community post -> Changes to Default Password Generation Coming October 9, 2020 Weekend
- Partner Community post -> Proactive Partner Update - Default Password Generation Changes Coming October 9, 2020 Weekend
- KBA (Platform) -> 2932190 - Changes to Default Password Generation in BizX Users
- KBA (Employee Central) -> 2931642 - SAP SuccessFactors Employee Central: Default Password Generation
- Jam Group -> Changes to SAP SuccessFactors HCM Suite Default Password Generation
- KBA (INT) -> 2223026 - How to override the default password while creating a new user using User entity in a SuccessFactors system
Keywords
apiOptionProfileID, OData, SFAPI, random password, RANDOWM_PWD, sendWelcomeMessage, 'IF_HRSFI_SFSF_API_PARAMETER~PROVIDE', RH_SFI_SYNCH_EMP_DATA , KBA , LOD-SF-INT-ODATA , OData API Framework , How To