SAP Knowledge Base Article - Public

3605060 - 2025 1H: New Permission "Request OpenID Connect Token Request OpenID Connect Token for Outbound API Calls" showing in RBP

Symptom

After 1H 2025 Release, the new permission User Permissions > General User Permission > Request OpenID Connect Token Request OpenID Connect Token for Outbound API Calls was added to Role Based Permissions (RBP).

Environment

SAP SuccessFactors HCM Suite

Resolution

This permission will not affect the login function of the SF OData API. The SF OData API calls in general are inbound requests.

This permission is only used for outbound requests from SF and allows the user to get an token to call other application.

          

Permission details in What's New Viewer page (LINK):

"We've added a new role-based permission to control access to OpenID Connect (OIDC) token requests for outbound API authentication.

With this update, users with the User Permissions  General User Permission   Request OpenID Connect Token Request OpenID Connect Token for Outbound API Calls permission can obtain an OIDC token through SAP SuccessFactors. This token is used to authenticate outbound API calls to external applications using Identity Authentication as the Identity Provider.

This permission lays the groundwork for upcoming enhancements that will improve outbound OIDC communication, enabling integrations with external applications such as UI5Flex services, BTP mobile services, and Joule. Additional details on these enhancements will be provided in future announcements.

We've introduced this new permission to support the flexibility and security of future outbound OIDC-based API integrations."

Keywords

Role-Based Permission, OpenID Connect Tokens, Outbound API Calls, OData API Framework, IAS user identity verification, Oauth 2.0 login authentication, PLT-86030 , KBA , LOD-SF-INT-OID , OpenID Connect , Problem

Product

SAP SuccessFactors Platform all versions