3016222 - Career Explorer Error: Unexpected response when requesting tenant token for <Customer Bizx CompanyID> from Container with NAT IP: <NAT IP of container> - 401 - <Error Message>

When trying to access the Manage People Connection Integration page, receive an error message:

Unexpected response when requesting tenant token for <Customer Bizx CompanyID> from Container with NAT IP: <NAT IP of container> - 401 - <Error Message>

• SAP SuccessFactors Career Development Planning
• SAP SuccessFactors Career Explorer

1. Go to Admin Center > Manage People Connection Integration
2. Receive error message: "Unexpected response when requesting tenant token for <Customer Bizx CompanyID> from Container with NAT IP: <NAT IP of container> - 401 - <Error Message>"

• This error is caused by IP ranges of SAP BTP Data Centers not being allowed to access SFSF OData Servers.
• Note: Access to SFSF OData Server is required to allow AI recommendations to be generated from SAP BTP AI Business Service, People Like Me (powered by Personalized Recommendation Service).

**This change of configuration in Allowlist that is required by SAP BTP IP addresses only affects Career Explorer integration with AI Service and does not impact any other functionalities of Career Explorer.**

IP addresses can be allowlisted through OData API in Admin Center or defined in Provisioning:

Via OData API

You can use Admin Center tools to restrict users' access to APIs based on IP allowlists, referring to SAP SuccessFactors API Reference Guide (OData V2) - Restricting API Access by IP Addresses or IP Address Ranges.

Via Provisioning

As a customer, you do not have access to Provisioning. Please engage a Certified Partner or SuccessFactors Product Support in component LOD-SF-CDP-CE to implement the fix.

This needs to be defined in Provisioning > Company Settings > Restrict access to IP range. 

The following SF BizX Data Centers:

Map to SAP BTP EU Data Center - Region "eu10" (used for SAP BTP AI Business Service People Like Me) with IP range:

3.68.51.135, 3.124.174.204, 3.68.31.37, 3.67.58.183, 3.67.0.172, 3.67.244.62, 3.126.117.58, 3.67.200.70, 3.68.13.226, 3.126.45.133, 3.67.249.135, 18.194.183.183, 3.67.246.74, 3.66.68.201, 3.68.0.70, 3.66.100.105, 3.126.95.250, 3.66.68.127, 18.195.244.40, 3.67.107.121, 3.67.24.253, 18.193.50.255, 3.121.35.143, 52.28.56.202, 52.59.128.222, 52.28.241.88, 18.184.81.94

The following SF BizX Data Centers:

Map to SAP BTP US Data Center - Region "us30" (used for SAP BTP AI Business Service People Like Me), with IP range:

35.202.96.192, 35.193.171.152, 35.193.168.31, 35.202.69.204, 35.202.175.147, 35.193.69.164, 35.202.1.6, 23.236.63.113, 35.193.30.116, 35.202.66.196, 34.68.152.205, 35.222.158.222, 104.197.20.168, 35.232.105.70, 35.224.211.196, 35.222.192.158, 35.193.8.172

NOTE: IP addresses may change without prior notice. For updated information about Allowlisting IP addresses for each data center, please refer to the SAP Business Technology Platform Guide > Regions (Look for/filter for "region" in the shared page).

After allowlisting the IPs, you will need to disable and enable again the option "Enable People Connection" in Admin Center > Manage People Connection Integration to trigger the data sync.

PLM, People Like Me, Career Explorer, Error, login failed - login from, visit_idx, 401, CE, Unexpected response when requesting tenant token for <Customer Bizx CompanyID> from Container with NAT IP: <NAT IP of container> - 401 - <Error Message>, API, Odata API v2, success factors, SF, SFSF, CDP , KBA , LOD-SF-CDP-CE , Career Explorer , Problem