Symptom
You wish to know whether a secure method of authentication is available for your existing SAP standard integration and/or extension.
Environment
SAP SuccessFactors HCM Suite
SAP SuccessFactors OData API
SAP SuccessFactors SFAPI
Resolution
In case of basic authentication usage, the corresponding integration should be migrated to a more secure approach, e.g. oAuth2. In case of custom integrations this can be done directly. In case of an SAP owned integration or SAP products, the corresponding adopted integration flow or adopted products must be made available by SAP first.
For each integration artifact, use the table below to find the right migration guide to migrate from Basic Authentication to a more secure authentication method (for example oAuth2 with SAML).
This is a working document, only the integration artifacts listed in these tables are ready for adoption by customers at this point. In case an SAP owned integration artifact is not listed here, customers should not attempt to migrate them.
SAP Integration Suite
Integration Flow (SAP or Customer owned) |
Status |
Migration Guide/Comment |
Customer build integrations running on SAP Integration Suite with SuccessFactors Connector using SOAP or OData APIs listed in SuccessFactors API Center |
Ready for Migration | |
Customer build Integrations running on SAP Integration Suite with ODataV2 or SOAP Connector |
Not ready for Migration |
Try to move to SuccessFactors connector on SAP Integration Suite, see above. If this is not possible, e.g. usage of function imports in OData, wait with the migration for this artifact. |
Customer build Integrations running on SAP Integration Suite with HTTP Connector using OData APIs listed in SuccessFactors API Center |
Ready for Migration | Refer to question #12 in KBA 3146449. |
Integrating SAP SuccessFactors Employee Central with BenefitFocus
|
Ready for Migration |
Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2. |
Integrating SAP SuccessFactors Employee Central with Thomson's Online Benefits
|
Ready for Migration |
Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2. |
Integrating SAP SuccessFactors Employee Central with Microsoft Active Directory (SAP built/delivered integration only) |
Ready for Migration |
Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2.
|
Integrating SAP SuccessFactors with Kronos |
Ready for Migration |
Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2. |
Integrating SAP SuccessFactors Employee Central with WorkForce Software |
Ready for Migration |
Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2. |
Integrating SAP SuccessFactors Recruiting with Third Party Assessment Vendor - People Answers |
Ready for Migration |
Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2. |
Integrating SAP SuccessFactors Recruiting with Third Party Assessment Vendor-Generic Template |
Ready for Migration |
Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2. |
SAP Fieldglass to SAP SuccessFactors Employee Center |
Ready for Migration |
Get the latest integration flow and follow the Integration guide on help.sap.com to switch to oAuth2. |
Side-by-Side Deployment Option: Use Employee Central as system of records for a subset of employees and retain the on-premise system as the Suite HR system for another subset of employees
|
Ready for Migration |
Get the latest integration flow and follow the corresponding integration guide available here to configure oAuth2: https://help.sap.com/viewer/cedb0e80668d491e8c9380f451558f2d/latest/en-US
|
Suite Hybrid Deployment Option: Use Employee Central as system of record for all employees and retain the on-premise system for specific processes, such as Payroll or Time Management |
Ready for Migration |
Get the latest integration flow and follow the corresponding integration guide available here to configure oAuth2: https://help.sap.com/viewer/cedb0e80668d491e8c9380f451558f2d/latest/en-US |
SuccessFactors HCM Suite Onboarding with SAP ERP HCM |
Not ready for migration |
This package supports only SFAPI basic authentication for now. |
Employee Delta Export Add-In for Microsoft Excel |
Ready for Migration |
Security and Session Management in the Employee Delta Export for Microsoft Excel | SAP Help Portal |
Employee Central Payroll (ECP) |
Ready for Migration |
*Note* Available in DC60 only until further notice |
Boomi
Integration Flow (SAP or Customer owned) |
Status |
Migration Guide/Comment |
Customer build integrations running on Boomi with SuccessFactors Connector using SOAP or OData APIs listed in SuccessFactors API Center |
Ready for Migration |
Follow this KBA to decide for one of the two options: 2978172 - OAUTH authentication mode in Boomi for SuccessFactors Connector (SuccessFactors-Partner Connector) (sap.com) |
Integrating SAP SuccessFactors Recruiting with Third Party Assessment Vendor - People Answers |
Ready for Migration |
Get the latest integration flow and follow the integration guide on help.sap.com to switch to oAuth2. |
Integrating SAP SuccessFactors Employee Central with Benefitfocus
|
Ready for Migration |
Get the latest integration flow and follow the integration guide on help.sap.com to switch to oAuth2. |
Integrating SAP SuccessFactors Employee Central with Thomsons Online Benefits
|
Ready for Migration |
Get the latest integration flow and follow the integration guide on help.sap.com to switch to oAuth2. |
Integrating SAP SuccessFactors with Kronos
|
Ready for Migration |
Get the latest integration flow and follow the integration guide on help.sap.com to switch to oAuth2. |
Integrating SAP SuccessFactors Employee Central with WorkForce Software |
Ready for Migration |
Get the latest integration flow and follow the integration guide on help.sap.com to switch to oAuth2. |
Packaged Integration: EC Push Event |
Ready for Migration |
Get the latest integration flow and follow instructions from page Enabling Push Replication |
Packaged Integration: EC Payroll (HR Standard) to EC - Employee Confirmation v5.0 |
Not ready for Migration |
This package is planned to be deprecated in the future, so it won't be supporting OAuth. |
Other Environments
Integration Flow (SAP or Customer owned) |
Status |
Migration Guide/Comment |
3rd party integration platforms or custom code not supporting oAuth2 with SAML |
Ready for Migration |
Follow the example in this note https://launchpad.support.sap.com/#/notes/3031657 to enable your own oAuth2 authentication using SAML2. Use this blog to get some more guidance. |
SAP Cloud ALM: SAP SuccessFactors (see "Endpoint for Exception Monitoring" & "Endpoint for Business Process Monitoring") |
Not Ready for Migration |
This is currently under analysis (our internal reference [CRUN-15192] [Feature] BPMon Support oAuth for SF data collection - SAPJIRA (tools.sap)) and we'll update the KBA as soon as possible. |
MS Entra: Microsoft Entra ID and SAP SuccessFactors integration reference | Microsoft Learn How to use OAUTH when integrating Azure Active Directory Provisioning Services with SAP Success Factors - Microsoft Q&A |
Not Ready for Migration |
This integration is not supported by SuccessFactors. There is some collaboration between MS and SAP on this topic, so if news is received in relation to this topic, they will be published in the following blog: Announcement: Planned Retirement of HTTP Basic Aut... - Page 2 - SAP Community Groups |
Integration Add-On for SAP ERP HCM and SuccessFactors HCM Suite (Talent Hybrid) |
Not Ready for Migration |
OAuth on Talent Hybrid integration is still not available and there is no ETA for it. The responsible teams are currently discussing this internally. |
See Also
3138533 - How to use SuccessFactors API Audit Log to determine authentication methods used in your environment
Communities Blogs:
https://community.successfactors.com/t5/API-and-Integration-Resources/2H-2020-announcement-Planned-Retirement-of-HTTP-Basic/ba-p/259021
SAP SuccessFactors Productized Integrations supporting secure authentication mechanism | SAP Blogs
Keywords
oauth, oAuth2, Basic, artifact, integration, standard, custom, Boomi, SAP, SuccessFactors, SAML, list, ready, available, package, secure authentication, CRUN-15192 , KBA , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT-CUS , SF Boomi & CPI (HCI) Custom Content , LOD-SF-INT-CPI , Standard SF to 3rd Party CPI (HCI) Content , LOD-SF-INT-CPI-TPI , Standard SF to 3rd Party Integration using CPI , LOD-SF-INT-BPI , Dell & Boomi Infrastructure , LOD-SF-RCM-INT , Integration Center & Intelligent Services , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , LOD-SF-INT-BOM , Standard SF to 3rd Party Boomi Content , How To