/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
When integrating multiple external applications with SAP SuccessFactors through SAP Cloud Identity Services (IAS), customers may have questions about whether to reuse a single OIDC client ID and secret across all applications or configure separate credentials for each.
Environment
- SAP SuccessFactors HCM
- SAP Cloud Identity Services
Cause
Not applicable. This is a design and configuration decision rather than an issue caused by a misconfiguration or error.
Resolution
Recommended Approach: Use Separate OIDC Clients for Each Application
To ensure secure, scalable, and compliant integration, it is recommended to create and manage distinct OIDC client credentials for each application connecting to SAP SuccessFactors via IAS.
Benefits of Using Separate Client IDs and Secrets:
1. Security Isolation:
- Limits the impact of credential compromise to a single application.
- Enables application-specific token policies and scopes.
2. Audit and Compliance:
- Facilitates detailed logging and traceability per application.
- Supports regulatory and internal audit requirements.
3. Granular Access Control:
- Allows defining unique scopes and claims per application.
- Supports least privilege and role-based access principles.
4. Operational Flexibility:
- Credentials can be rotated or revoked independently.
- Simplifies troubleshooting and lifecycle management.
See Also
3532791 - How to authenticate for SuccessFactors using OIDC in IAS - SAP for Me
About SAP SuccessFactors OData APIs (V2) | SAP Help Portal
SAP Cloud Identity Services | SAP Help Portal
Keywords
SAP SuccessFactors, IAS, Identity Authentication Service, SAP Cloud Identity Services, OIDC, OpenID Connect, client ID, client secret, OIDC configuration, API authentication, multi-application integration, credential management, authentication setup, token-based authentication, integration best practices, secure integration, application access control, audit compliance, integration architecture, SuccessFactors API, authentication strategy, security configuration, OIDC IAS Configuration, OIDC best practices , KBA , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , How To
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)