2978172 - How to use OAuth 2.0 authentication in Boomi to connect to SuccessFactors (SuccessFactors Partner Connector)

This article explains how to configure OAuth 2.0 authentication for the SAP SuccessFactors Connector in Boomi when connecting to the SuccessFactors OData API (and optionally SFAPI).

The relevant guides to refer are:

• SuccessFactors OData guide: Authentication using OAuth 2.0
• SuccessFactors Boomi Connectors guide: Setting Up OAuth 2.0 in Boomi Connectors

NOTE: OAuth connections are supported only when using the SuccessFactors Connector. The HTTP Connector does not support it.

Boomi Platform

SAP SuccessFactors HCM Suite

Step 1 – Register Boomi as an OAuth Client in SuccessFactors

1. In SuccessFactors Admin Center, navigate to Manage OAuth2 Client Applications.

2. Select Register Client Application.

3. Enter the required details following the official OAuth 2.0 guide: LINK 

   • Application URL: https://platform.boomi.com/

4. Generate an X.509 certificate key pair (private and public keys) using one of the following methods:

   • Generate the certificate directly in SuccessFactors by clicking on Generate X509 Certificate: LINK

   • Generate a self-signed certificate using an external tool: KBA 3031657

5. Download the .pem file and open it in a text editor to copy the private key;

6. After registration, an API Key is generated: This is your Client ID for the Boomi connector.

Step 2 – Configure Boomi Connection for OAuth (OData)

1. Open your SuccessFactors Connection in Boomi.

2. Check Enable SF OData Entity Import.

3. Leave the Password field blank.
   
   

Step 3 – Generate and Maintain the SAML Assertion

You can either let Boomi generate the SAML assertion automatically or use one generated externally.

Option 1 – SAML Assertion Generated by SF Connector

• Provide the OAuth Client ID and Private Key (from Step 1).

• Save the connection.

• The connector will automatically generate the SAML assertion at runtime.
  
  

Option 2 – Externally Generated SAML Assertion

• Generate the assertion using the SAP offline tool described in [KBA 3031657 – How to generate SAML assertion for SAP SuccessFactors API using SAP provided offline tool].

• Leave the OAuth Private Key field blank.

• Create a Dynamic Process Property in Boomi and paste the static SAML assertion value.

• Enter the property name in the SF Connection and maintain the OAuth2 Client ID.

Recommendation:

• Use Option 1 if you rely on SAP infrastructure to generate assertions.
• Use Option 2 only if you must use your own internal infrastructure.
  
  
  

Step 4 – Validate Authorization

Run the Boomi process and check the OData API Audit Log in SuccessFactors.
The request header should display:

Using the Same Connection for SFAPI

The same OAuth configuration applies to SFAPI.
Once all required fields are filled in the connector, the same connection can be used for both OData and SFAPI entities.

For new integrations, select Enable SFAPI Entity Import when importing SFAPI entities.

Additional Notes

• Existing connections created with Basic Authentication continue to work. OAuth fields simply become available for new use.

• To test OAuth for OData:

  • Uncheck Enable SFAPI Entity Import.

  • Remove any password value.

• One OAuth-enabled connection can be reused for both OData and SFAPI calls.

Boomi, OAUTH, authentication, V2, odata, connection, sf, oauth2, auth, successfactors, connect, connection , KBA , LOD-SF-INT-BPI , Dell & Boomi Infrastructure , How To