Application Configuration in SuccessFactors Portal for OAuth2 Account to use in SuccessFactors

In this article

Overview

Snaps in the SAP SuccessFactors Snap Pack use the SuccessFactors OAuth2 account to access the SuccessFactors application. For the OAuth2 account to function without any issue, ensure to create and configure a connected app corresponding to the account. This Snap Pack supports OAuth 2.0 to authenticate OData API and SFAPI users. In this article, we will guide you to configure a new OAuth 2.0 client application. These steps also contain the information required to create a new SuccessFactors OAuth2 account for using this Snap Pack.

Prerequisites

  • Valid Company ID. 

  • Valid Username and Password.

  • Permission to access Manage Integration Tools  → Manage OAuth2 Client Applications 

Configuring an OAuth 2.0 Client Application

  1. Log into your SuccessFactors instance as an administrator. 
    Format of the login URL: https:// <Host>/login?company=<company id>

  2. Navigate to Admin Center>API Center>OAuth Configuration for OData and choose Register Client Application.

    Alternatively, you can navigate by searching API Center  or Manage OAuth2 Client Applications under Tools.

     

     

  3. In the API Center page, choose OAuth Configuration for OData.

     

  4. In the Manage OAuth2 Client Applications page, enter the following details: 

Field

Description

Field

Description

Company

The name of your company. This value is populated based on the instance of the company currently logged in.

Application Name*

A unique name of your OAuth2 client.

Description

A description for your application.

Application URL*

A unique URL of the page that the client wants to display to the end user. This page contains additional information about the client application. This is needed for 3-legged OAuth, however it is not currently supported.

Bind to Technical User

(Optional) Enable this option to restrict the access of the applica­tion to a technical user. A technical user is a special user created for inte­grating SAP SuccessFactors with other SAP products and solutions.

Technical User ID

Required if you enable the Bind to Technical User checkbox.

Enter the technical user name for your instance. Contact your system administrator or SAP Cloud Support if you do not know the technical user name.

X509 Certificate*

The certificate corresponding to the private and public key used in the OAuth 2.0 authentication process. In this flow, SAP SuccessFactors require the public key and the client application has the private key. To reg­ister a client application, you must install the public key in SAP Success­Factors. If you supply that certificate, you must use the RSA-SHA1, RSA- SHA2, or MD5 encryption type for authentication.

You can obtain an X.509 certificate from a trusted service provider, or you can use a third-party tool to generate a self-signed certificate. If neither option is available, you can generate an X.509 certificate in SAP SuccessFac­tors.

For enhanced security, we recommend that you use a self-signed certificate or one from your trusted service provider.

In a .pem file, the X.509 certificate is a BASE64-encoded string en­closed between -----BEGIN CERTIFICATE----- and ----- END CERTIFICATE-----. Enter only the enclosed string without the beginning and ending lines; else, an error occurs. When you change or regenerate an X.509 certificate for an application, the existing application client configurations are invalidated. This could lead to application failure until you update the configurations with the new certificate information.

5. Click Register.
The API Key is generated and populated in the API Key field.

Do not copy the content in the field X.509 Certificate as Private key. The content in this field is the encrypted certificate. For getting a Private Key, you need to open your certificate using a text editor or other applicable text editing or viewing tools. You can find the private key between -----BEGIN ENCRYPTED PRIVATE KEY----- and ----- END  ENCRYPTED PRIVATE KEY-----.  

Creating Self-signed Certificate in SuccessFactors

  1. From step 4 of Configuring an OAuth 2.0 Client Application procedure, click Generate X.509 Certificate. 

     

  2. In the Manage OAuth2 Client Applications page, enter the following details, and click Generate.

Field

Description

Field

Description

Issued By

This value is preset to SuccessFactors.

Common Name

The hostname or IP address for which the certificate is valid. The common name (CN) represents the hostname of your application. It is technically represented by the Common­ Name field in the X.509 certificate. This name does not include any protocol, port number, or path. For example, www.bestrun.com

Organization

(Optional) The entity to which the certificate is issued.

Organization Unit

(Optional) The organization unit of the entity to which the certificate is issued.

Locality

(Optional) Name of locality of the entity to which the certificate is issued.

State/Province

(Optional) Name of state or province of the entity to which the certificate is issued.

Country

(Optional) Enter a two-letter country code of the entity to which the certificate is issued. A country code represents a country or a region. For example, AU.

Validity

The number of days for which you want the X.509 certificate to be valid.

3. Click Download to download the certificate.

There are other ways to generate the certificate, see SucessFactors Developer Guide. 

Locate/Define Information Required to Create your SAP SuccessFactors OAuth2 Account

Specify the values required to create a successful SAP SuccessFactors OAuth2 account.

  1. Navigate to the SuccessFactors Snap of your choice and configure the SuccessFactors OAuth2 Account with the following details:

    1. API Key: Specify the API key of your OAuth 2.0 client application. Provide the API Key that is auto-generated after creating the app in your SuccessFactors instance.

    2. Private Key: Specify the private key of the X509.certificate. Provide the Private Key that is auto-generated after creating the app in your SuccessFactors instance..

  2. Click Validate and then click Apply.
    The SuccessFactors OAuth2 account is created.