SuccessFactors
SuccessFactors integration lets you pull in useful info like user notifications and PTO balances right into your intranet. It uses OAuth for secure authentication via SAP Cloud Identity Services and SuccessFactors.
Prerequisites
- You have the Administrator Permissions > Manage Security > Manage SAML SSO Settings permission.
- You have the Administrator Permissions > Manage Security > Manage Application Security Feature Settings permission.
- You already have an SAP SuccessFactors HCM suite hybrid SAML/OIDC application set up in Identity Authentication.
Configuring SAP Cloud Identity Services
- Log in to your SAP Cloud Identity Services tenant (e.g., https://tenantzxcvb.accounts.ondemand.com).
- Navigate to the Applications section and click "New" to create an OpenID Connect application (or use an existing one).
- Configure the values as outlined below
-
Redirect URI (OpenID Connect Configuration > Redirect URIs) -
https://{your-intranet-domain}/marketplace/successfactors/account/sign-in/oauth -
-
Grant Types (OpenID Connect Configuration > Grant Types) - ensure the following Grant Types are enabled:
-
-
Subject Name Identifier
-
-
Dependency (Dependencies > APIs)
- Add the existing hybrid SAML/OIDC application as an API dependency and note down the name that you give it
-
-
API Permission (Provided APIs > API Permissions Groups > Allow all APIs for principal propagation) - Enabled
-
-
- Make a note of the Client ID, Client Secret, Dependency Name, and URL - you'll need these for the integration setup.
| Field | Where to find it | Example |
|---|---|---|
| Client ID | Client Authentication > Client ID | x12y34z56 |
| Client Secret | Client Authentication > Secrets | abcd1234efgh5678 |
| Dependency Name | Dependencies > APIs | SF_SAML |
| Authority URL | The base URL of your tenant | https://tenantzxcvb.accounts.ondemand.com( |
Client Secret SecurityTreat the Client Secret like a password. Store it securely and avoid sharing it unnecessarily.
Configuring SuccessFactors
- Log in to your SuccessFactors instance (e.g., https://demo-eu10-sales.hr.cloud.sap/).
- Go to Admin Center > Tools > Manage OAuth2 Client Applications and select the application used for SAML/OIDC application set up in Identity Authentication.
- Make a note of the Application URL, Company ID, and API Key - you'll need these for the intranet setup.
| Field | Value | Example |
|---|---|---|
| API URI | Application URL of the OAuth App in SuccessFactors. Should match one of the server URLs list https://help.sap.com/docs/successfactors-platform/sap-successfactors-api-reference-guide-odata-v2/list-of-sap-successfactors-api-servers?locale=en-US . | https://apisalesdemo2.successfactors.eu/ |
| Company ID | Your organization's unique ID in SuccessFactors | SFCPART112233 |
| API Key | The key generated for API access | xyz789abc456 |
API Key AccessEnsure the API Key has permissions to access user data and notifications to avoid issues with the integration.
Configuring Interact Marketplace
-
From Application Settings > Control Panel > Marketplace, select SuccessFactors.
-
Specify the following from your SAP Cloud Identity Services and SuccessFactors setups:
- Client ID
- Client Secret
- Authority (e.g. https://tenantzxcvb.accounts.ondemand.com)
- API URI
- API Key
- SAP SuccessFactors Company ID
- Dependency Name
-
Click Save.
Editing Marketplace ConfigurationEditing these settings will invalidate existing authentication tokens for all users, requiring them to re-authenticate to use the integration again. Any scope changes will apply to new tokens immediately.
Updated 1 day ago