SAP Knowledge Base Article - Public

3156202 - SAP SuccessFactors Integrations supporting a secure authentication mechanism

Symptom

You wish to know whether a secure method of authentication is available for your existing integration and/or extension

Environment

SAP SuccessFactors HXM Suite
SAP SuccessFactors OData API
SAP SuccessFactors SFAPI 

Reproducing the Issue

  1. Run your custom or SAP-owned integration
  2. Open the OData or SFAPI Audit Log
  3. Check the API call coming from your integration for basic authentication usage

Resolution

In case of basic authentication usage, the corresponding integration should be migrated to a more secure approach, e.g. oAuth2. In case of custom integrations this can be done directly. In case of an SAP owned integration or SAP products, the corresponding adopted integration flow or adopted products must be made available by SAP first.

For each integration artifact, use the table below to find the right migration guide to migrate from Basic Authentication to a more secure authentication method (for example oAuth2 with SAML).

This is a working document, only the integration artifacts listed in these tables are ready for adoption by customers at this point. In case an SAP owned integration artifact is not listed here, customers should not attempt to migrate them. 


SAP Integration Suite

Integration Flow

(SAP or Customer owned)

Status

Migration Guide/Comment

Customer build integrations running on SAP Integration Suite with SuccessFactors Connector using SOAP or OData APIs listed in SuccessFactors API Center

Ready for Migration

Follow this blog or check this configuration video

Customer build Integrations running on SAP Integration Suite with ODataV2 or SOAP Connector

Not ready for Migration

Try to move to SuccessFactors connector on SAP Integration Suite, see above. If this is not possible, e.g. usage of function imports in OData, wait with the migration for this artifact.

Customer build Integrations running on SAP Integration Suite with HTTP Connector using OData APIs listed in SuccessFactors API Center

Ready for Migration

 

Integrating SAP SuccessFactors Employee Central with BenefitFocus

 

Ready for Migration

Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2.

Integrating SAP SuccessFactors Employee Central with Thomson’s Online Benefits

 

Ready for Migration

Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2.

Integrating SAP SuccessFactors Employee Central with Microsoft Active Directory (SAP built/delivered integration only)

Ready for Migration

Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2.

 

Integrating SAP SuccessFactors with Kronos

Ready for Migration

Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2.

Integrating SAP SuccessFactors Employee Central with WorkForce Software

Ready for Migration

Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2.

Integrating SAP SuccessFactors Recruiting with Third Party Assessment Vendor - People Answers

Ready for Migration

Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2.

Integrating SAP SuccessFactors Recruiting with Third Party Assessment Vendor-Generic Template

Ready for Migration

Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2.

SAP Fieldglass to SAP SuccessFactors Employee Center

Ready for Migration

Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2.

Side-by-Side Deployment Option: Use Employee Central as system of records for a subset of employees and retain the on-premise system as the core HR system for another subset of employees

 

Ready for Migration

Get the latest integration flow and follow the corresponding integration guide available here to configure oAuth2: https://help.sap.com/viewer/cedb0e80668d491e8c9380f451558f2d/latest/en-US

 

Core Hybrid Deployment Option: Use Employee Central as system of record for all employees and retain the on-premise system for specific processes, such as Payroll or Time Management

Ready for Migration

Get the latest integration flow and follow the corresponding integration guide available here to configure oAuth2: https://help.sap.com/viewer/cedb0e80668d491e8c9380f451558f2d/latest/en-US

Employee Delta Export Add-In for Microsoft Excel

Ready for Migration

Security and Session Management in the Employee Delta Export for Microsoft Excel | SAP Help Portal

Employee Central Payroll (ECP)

Ready for Migration

*Note* Available in DC60 only until further notice
3167173 - Enabling certificate-based authentication for PTP connection



Boomi


Integration Flow

(SAP or Customer owned)

Status

Migration Guide/Comment

Customer build integrations running on Boomi with SuccessFactors Connector using SOAP or OData APIs listed in SuccessFactors API Center

Ready for Migration

Follow this KBA to decide for one of the two options: 2978172 - OAUTH authentication mode in Boomi for SuccessFactors Connector (SuccessFactors-Partner Connector) (sap.com)

Integrating SAP SuccessFactors Recruiting with Third Party Assessment Vendor - People Answers

Ready for Migration

Get the latest integration flow and follow the integration guide on help.sap.com to switch to oAuth2.

Integrating SAP SuccessFactors Employee Central with Benefitfocus

 

Ready for Migration

Get the latest integration flow and follow the integration guide on help.sap.com to switch to oAuth2.

Integrating SAP SuccessFactors Employee Central with Thomsons Online Benefits

 

Ready for Migration

Get the latest integration flow and follow the integration guide on help.sap.com to switch to oAuth2.

Integrating SAP SuccessFactors with Kronos

 

Ready for Migration

Get the latest integration flow and follow the integration guide on help.sap.com to switch to oAuth2.

Integrating SAP SuccessFactors Employee Central with WorkForce Software

Ready for Migration

Get the latest integration flow and follow the integration guide on help.sap.com to switch to oAuth2.



Other Environments

Integration Flow

(SAP or Customer owned)

Status

Migration Guide/Comment

3rd party integration platforms or custom code not supporting oAuth2 with SAML

Ready for Migration

Follow the example in this note https://launchpad.support.sap.com/#/notes/3031657  to enable your own oAuth2 authentication using SAML2. Use this blog to get some more guidance.






See Also

3138533 - How to use SuccessFactors API Audit Log to determine authentication methods used in your environment

Communities Blogs:

https://community.successfactors.com/t5/Platform-Resources-Blog/Deprecation-of-HTTP-Basic-Authentication-Second-Half-Release/ba-p/284363 

https://community.successfactors.com/t5/API-and-Integration-Resources/2H-2020-announcement-Planned-Retirement-of-HTTP-Basic/ba-p/259021

SAP SuccessFactors Productized Integrations supporting secure authentication mechanism | SAP Blogs

Keywords

Oauth,oAuth2. Basic, artifact, integration, standard, custom, Boomi, SAP, SuccessFactors, SAML, list, ready, available, package, secure authentication , KBA , LOD-SF-INT , Integrations , LOD-SF-INT-CUS , Boomi & CPI (HCI) Custom Content , LOD-SF-INT-CPI , Standard SF to 3rd Party CPI (HCI) Content , LOD-SF-INT-CPI-TPI , Standard SF to 3rd Party Integration using CPI , LOD-SF-INT-BPI , Dell & Boomi Infrastructure , LOD-SF-RCM-INT , Integration Center & Intelligent Services , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , LOD-SF-INT-BOM , Standard SF to 3rd Party Boomi Content , LOD-SF-INT-ODATA , OData API Framework , How To

Product

SAP SuccessFactors HXM Suite all versions