3122406 - How to connect SuccessFactors to a new third-party site (allowlist on SAP side)

To be able to connect your SuccessFactors (SF) instance to a new external/third-party site (SFTP/REST/SOAP) is necessary to allowlist SAP DCs IPs in the third-party servers and also allowlist the third-party site IPs in SAP servers.

For the allowlisting in third-party side, refer to the KBA 2395508 and request it.

For the allowlisting in SAP side, follow the steps below.

SAP SuccessFactors HCM Suite

• As per our security policy, outbound connections to external/third-party sites are blocked on SF datacenters by default.
• Therefore, when setting up outbound connection to new external sites, you will need first request their destination IP/URLs be allowlisted on the corresponding SF datacenter end.

The allowlisting can be requested by raising a support ticket to LOD-SF-PLT. The information below must be included in the ticket:

For external FTP/SFTP endpoint:

• SFTP IP address;
• SFTP Hostname;
• Business justification on why you need this allowlisting;
  OBS.: The standard Destination Port is 22. No other custom ports will be allowed.

For external REST/SOAP endpoint:

• Domain URL;
• Destination Port;
• Source IP address (for SOAP endpoints only);
• Business justification on why you need this allowlisting;

The SAP support team will create an internal request to SF Operations and SF Network teams to include your endpoint IP or URL in our datacenter allowlist.
   

IMPORTANT NOTES:

• This allowlisting is not required for SF-provided SFTP accounts.
• This allowlisting is not required for DC33. All outbound connections are allowed in DC33 by default.
• A new allowlisting is required for FTP/SFTP/SOAP endpoints only if the IP or Port changes and for REST endpoints only if the URL or Port changes.
• The allowlisting is done at DC level meaning there is no need to request the same allowlisting for a different tenant on the same DC
• If you are using the port 443 to connect, you don't need to request allowlisting. If using the port 22, then we only need customer-specific IP addresses.

OBS.: For SAP support, check the internal KBA 3251227 for instructions.

• 3089960 - SAP SuccessFactors Next Generation Cloud Delivery (NGCD) Customer checklist
• 2432796 - Public outgoing IP for SAP SuccessFactors Datacenters. BizX Platform

allowlist, allow-list, allow list, allowlisting, allow-listing, allow listing, whitelist, white-list, white list, whitelisting, white-listing, white listing, outbound, export, inbound, import, connection, connector, communication, communicating, external, third-party, 3rd party, site, endpoint, server, sf , KBA , LOD-SF-PLT-PSI , Product Security Inquiries , How To