SAP Knowledge Base Article - Public

3512009 - HTTP Strict Transport Security (HSTS) in SuccessFactors

Symptom

You want to enable HTTP Strict Transport Security (HSTS) in SuccessFactors

Environment

SAP SuccessFactors HCM Suite

Resolution

HTTP Strict Transport Security (HSTS) is required for a site to ensure that users always connect to the site using HTTPS. In SuccessFactors there are no special firewall configuration settings necessary:

  • All browser communication with the application leverages HTTPS with TLS 1.2 and AES 256-bit encryption on port 443.
  • Flat file integrations will leverage SFTP on port 22 and we support PGP encryption.
  • All API / Web Services calls also use HTTPS with TLS 1.2 and AES 256-bit encryption on port 443. Our mobile applications utilize the OData API's and OAuth Tokens.

See Also

KBA 2285759 - Security standards of SuccessFactors HXM Suite 

KBA 2863021 - Configuring Content Security Header policies for a SuccessFactors instance

Keywords

HTTPS, HSTS, security, Encryption, protocol , KBA , LOD-SF-PLT-HED , Global Header , How To

Product

SAP SuccessFactors HCM Suite all versions