Application Configuration in SuccessFactors Portal for OAuth2 Account to use in SuccessFactors
In this article
Overview
Snaps in the SAP SuccessFactors Snap Pack use the SuccessFactors OAuth2 account to access the SuccessFactors application. For the OAuth2 account to function without any issue, ensure to create and configure a connected app corresponding to the account. This Snap Pack supports OAuth 2.0 to authenticate OData API and SFAPI users. In this article, we will guide you to configure a new OAuth 2.0 client application. These steps also contain the information required to create a new SuccessFactors OAuth2 account for using this Snap Pack.
Prerequisites
Valid Company ID.
Valid Username and Password.
Permission to access Manage Integration Tools → Manage OAuth2 Client Applications
Configuring an OAuth 2.0 Client Application
Log into your SuccessFactors instance as an administrator.
Format of the login URL:https:// <Host>/login?company=<company id>
Navigate to Admin Center>API Center>OAuth Configuration for OData and choose Register Client Application.
Alternatively, you can navigate by searching API Center or Manage OAuth2 Client Applications under Tools.
In the API Center page, choose OAuth Configuration for OData.
In the Manage OAuth2 Client Applications page, enter the following details:
Field | Description |
---|---|
Company | The name of your company. This value is populated based on the instance of the company currently logged in. |
Application Name* | A unique name of your OAuth2 client. |
Description | A description for your application. |
Application URL* | A unique URL of the page that the client wants to display to the end user. This page contains additional information about the client application. This is needed for 3-legged OAuth, however it is not currently supported. |
Bind to Technical User | (Optional) Enable this option to restrict the access of the application to a technical user. A technical user is a special user created for integrating SAP SuccessFactors with other SAP products and solutions. |
Technical User ID | Required if you enable the Bind to Technical User checkbox. Enter the technical user name for your instance. Contact your system administrator or SAP Cloud Support if you do not know the technical user name. |
X509 Certificate* | The certificate corresponding to the private and public key used in the OAuth 2.0 authentication process. In this flow, SAP SuccessFactors require the public key and the client application has the private key. To register a client application, you must install the public key in SAP SuccessFactors. If you supply that certificate, you must use the RSA-SHA1, RSA- SHA2, or MD5 encryption type for authentication. You can obtain an X.509 certificate from a trusted service provider, or you can use a third-party tool to generate a self-signed certificate. If neither option is available, you can generate an X.509 certificate in SAP SuccessFactors. For enhanced security, we recommend that you use a self-signed certificate or one from your trusted service provider. In a .pem file, the X.509 certificate is a BASE64-encoded string enclosed between |
5. Click Register.
The API Key is generated and populated in the API Key field.
Do not copy the content in the field X.509 Certificate as Private key. The content in this field is the encrypted certificate. For getting a Private Key, you need to open your certificate using a text editor or other applicable text editing or viewing tools. You can find the private key between -----BEGIN ENCRYPTED PRIVATE KEY-----
and ----- END ENCRYPTED PRIVATE KEY-----
.
Creating Self-signed Certificate in SuccessFactors
From step 4 of Configuring an OAuth 2.0 Client Application procedure, click Generate X.509 Certificate.
In the Manage OAuth2 Client Applications page, enter the following details, and click Generate.