Symptom
When trying to access the Manage People Connection Integration page, receive an error message:
Unexpected response when requesting tenant token for <Customer Bizx CompanyID> from Container with NAT IP: <NAT IP of container> - 401 - <Error Message>
Environment
SAP SuccessFactors Career Development Planning
Reproducing the Issue
- Go to Admin Center > Manage People Connection Integration
- Receive error message: "Unexpected response when requesting tenant token for <Customer Bizx CompanyID> from Container with NAT IP: <NAT IP of container> - 401 - <Error Message>"
Cause
This error is caused by IP ranges of SAP BTP Data Centers not being allowed to access SFSF OData Servers.
- Note: Access to SFSF OData Server is required to allow AI recommendations to be generated from SAP BTP AI Business Service, People Like Me (powered by Personalized Recommendation Service).
Resolution
**This change of configuration in Allowlist only affects Career Explorer integration with AI Service and does not impact any other functionalities of Career Explorer.**
IP addresses can be allowlisted through OData API in Admin Center or Provisioning:
Option 1: OData API
You can use Admin Center tools to restrict users' access to APIs based on IP allowlists, referring to SAP SuccessFactors API Reference Guide (OData V2) - Restricting API Access by IP Addresses or IP Address Ranges.
Option 2: Provisioning
Please Note Before Proceeding:
- As a customer, you do not have access to Provisioning. Please engage a Certified Partner or SuccessFactors Product Support in component LOD-SF-CDP-CE to implement the fix.
- IP addresses may change without prior notice. For updated information about Allowlisting IP addresses for each data center, please refer to SAP Business Technology Platform - Regions and API Endpoints Available for the Cloud Foundry Environment (Look for/filter for "region" in the shared page).
I. Identify the IP Addresses Needed Based on Data Center
There are different IP addresses allowed for each data center and region:
SF BizX Data Centers | PLM Cloud Foundry Environment | Allowed IP Ranges |
DC50 Production & Preview DC52 Production & Preview | eu10 | 52.59.128.222, 52.28.241.88, 18.184.81.94, 3.67.200.70, 3.68.51.135, 3.124.174.204, 3.68.31.37, 3.67.58.183, 3.67.0.172, 3.67.244.62, 3.126.117.58, 3.66.100.105, 3.68.13.226, 3.126.45.133, 3.67.249.135, 18.194.183.183, 3.67.246.74, 3.66.68.201, 3.68.0.70, 52.28.56.202, 3.126.95.250, 3.66.68.127, 18.195.244.40, 3.67.107.121, 3.67.24.253, 18.193.50.255, 3.121.35.143 |
DC33 Production, Preview & Rot DC55 Production & Preview DC57 Production, Preview & SalesDemo | eu10 and eu11 | 52.59.128.222, 52.28.241.88, 18.184.81.94, 3.67.200.70, 3.68.51.135, 3.124.174.204, 3.68.31.37, 3.67.58.183, 3.67.0.172, 3.67.244.62, 3.126.117.58, 3.66.100.105, 3.68.13.226, 3.126.45.133, 3.67.249.135, 18.194.183.183, 3.67.246.74, 3.66.68.201, 3.68.0.70, 52.28.56.202, 3.126.95.250, 3.66.68.127, 18.195.244.40, 3.67.107.121, 3.67.24.253, 18.193.50.255, 3.121.35.143, 18.156.140.38, 3.121.55.100, 35.156.198.246, 52.59.77.121, 18.185.57.85, 3.121.79.209, 3.67.237.8, 35.156.31.32, 3.65.63.251, 3.122.176.63, 18.198.13.57, 18.157.114.142, 18.184.172.97, 18.159.180.188, 35.157.5.44 |
DC40 SalesDemo DC41 Production & Preview DC42 Production & Preview DC47 Production & Preview DC60 Production & Preview DC62 Production & Preview DC66 Production & Preview DC68 Production, Preview & SalesDemo DC70 Production, Preview & SalesDemo | us30 | 35.202.96.192, 35.193.171.152, 35.193.168.31, 35.202.69.204, 35.202.175.147, 35.193.69.164, 35.202.1.6, 23.236.63.113, 35.193.30.116, 35.202.66.196, 34.68.152.205, 35.222.158.222, 104.197.20.168, 35.232.105.70, 35.224.211.196, 35.222.192.158, 35.193.8.172, 34.171.4.220, 34.172.37.175, 34.170.206.220, 34.172.145.231, 35.222.38.254, 35.239.28.216, 34.134.91.47, 34.123.17.36, 35.202.205.85, 34.118.207.84, 35.193.6.192, 34.122.222.203, 104.197.157.121, 34.135.159.154, 35.223.208.27, 146.148.74.171, 34.132.192.46, 34.68.109.37, 104.198.49.58, 35.225.164.132 |
II. Configure IP Addresses in Provisioning
- Log in to SuccessFactors Provisioning
- Select the company ID
- Select Company Settings
- Search for Restrict access to IP range
- Populate the applicable IP ranges from the above table
- Select Save
- Enter the companyID > Confirm
III. Trigger a Data Sync
- Log in to the Successfactors front-end
- Navigate to Admin Center > Manage People Connection Integration
- Uncheck the box for Enable People Connection > Save
- Re-check the box for Enable People Connection > Save
See Also
- SAP SuccessFactors API Reference Guide (OData V2) - List of SAP SuccessFactors API Servers
- SAP SuccessFactors API Reference Guide (OData V2) - Restricting API Access by IP Addresses or IP Address Ranges
- SAP Business Technology Platform - Regions and API Endpoints Available for the Cloud Foundry Environment
- Implementing and Managing Career Development Planning - Configuring Manage People Connection Integration
Keywords
PLM, People Like Me, Career Explorer, Error, login failed - login from, visit_idx, 401, CE, Unexpected response when requesting tenant token for <Customer Bizx CompanyID> from Container with NAT IP: <NAT IP of container> - 401 - <Error Message>, API, Odata API v2, success factors, SF, SFSF, CDP , KBA , LOD-SF-CDP-CE , Career Explorer , Problem
Product
Attachments
restrict IP address.PNG |