Symptom
When trying to access the Manage People Connection Integration page, receive an error message:
Unexpected response when requesting tenant token for <Customer Bizx CompanyID> from Container with NAT IP: <NAT IP of container> - 401 - <Error Message>
Environment
- SAP SuccessFactors Career Development Planning
- SAP SuccessFactors Career Explorer
Reproducing the Issue
- Go to Admin Center > Manage People Connection Integration
- Receive error message: "Unexpected response when requesting tenant token for <Customer Bizx CompanyID> from Container with NAT IP: <NAT IP of container> - 401 - <Error Message>"
Cause
- This error is caused by IP ranges of SAP BTP Data Centers not being allowed to access SFSF OData Servers.
- Note: Access to SFSF OData Server is required to allow AI recommendations to be generated from SAP BTP AI Business Service, People Like Me (powered by Personalized Recommendation Service).
Resolution
**This change of configuration in Allowlist that is required by SAP BTP IP addresses only affects Career Explorer integration with AI Service and does not impact any other functionalities of Career Explorer.**
IP addresses can be allowlisted through OData API in Admin Center or defined in Provisioning:
Via OData API
You can use Admin Center tools to restrict users' access to APIs based on IP allowlists, referring to SAP SuccessFactors API Reference Guide (OData V2) - Restricting API Access by IP Addresses or IP Address Ranges.
Via Provisioning
As a customer, you do not have access to Provisioning. Please engage a Certified Partner or SuccessFactors Product Support in component LOD-SF-CDP-CE to implement the fix.
This needs to be defined in Provisioning > Company Settings > Restrict access to IP range.
The following SF BizX Data Centers:
DC2 Production |
DC2 SalesDemo |
DC2 Preview |
DC12 Production |
DC12 Rot |
DC12 Preview |
DC15 Production |
DC16 Production |
DC44 Preview |
DC44 Production |
DC50 Preview |
DC50 Production |
Map to SAP BTP EU Data Center - Region "eu10" (used for SAP BTP AI Business Service People Like Me) with IP range:
3.68.51.135, 3.124.174.204, 3.68.31.37, 3.67.58.183, 3.67.0.172, 3.67.244.62, 3.126.117.58, 3.67.200.70, 3.68.13.226, 3.126.45.133, 3.67.249.135, 18.194.183.183, 3.67.246.74, 3.66.68.201, 3.68.0.70, 3.66.100.105, 3.126.95.250, 3.66.68.127, 18.195.244.40, 3.67.107.121, 3.67.24.253, 18.193.50.255, 3.121.35.143, 52.28.56.202, 52.59.128.222, 52.28.241.88, 18.184.81.94
The following SF BizX Data Centers:
DC4 Production |
DC4 SalesDemo |
DC4 Preview |
DC8 Production |
DC8 SalesDemo |
DC8 Preview |
DC10 Production |
DC10 Preview |
DC17 Preview |
DC17 Production |
DC62 Preview |
DC62 Production |
DC40 SalesDemo |
DC41 Preview |
DC41 Production |
DC42 Preview |
DC42 Production |
DC47 Preview |
DC47 Production |
Map to SAP BTP US Data Center - Region "us30" (used for SAP BTP AI Business Service People Like Me), with IP range:
35.202.96.192, 35.193.171.152, 35.193.168.31, 35.202.69.204, 35.202.175.147, 35.193.69.164, 35.202.1.6, 23.236.63.113, 35.193.30.116, 35.202.66.196, 34.68.152.205, 35.222.158.222, 104.197.20.168, 35.232.105.70, 35.224.211.196, 35.222.192.158, 35.193.8.172
NOTE: IP addresses may change without prior notice. For updated information about Allowlisting IP addresses for each data center, please refer to the SAP Business Technology Platform Guide > Regions (Look for/filter for "region" in the shared page).
After allowlisting the IPs, you will need to disable and enable again the option "Enable People Connection" in Admin Center > Manage People Connection Integration to trigger the data sync.
Keywords
PLM, People Like Me, Career Explorer, Error, login failed - login from, visit_idx, 401, CE, Unexpected response when requesting tenant token for <Customer Bizx CompanyID> from Container with NAT IP: <NAT IP of container> - 401 - <Error Message>, API, Odata API v2, success factors, SF, SFSF, CDP , KBA , LOD-SF-CDP-CE , Career Explorer , Problem
Product
Attachments
restrict IP address.PNG |