SAP SuccessFactors as an Identity Source
# Overview
This section describes how to configure SAP SuccessFactors as an identity source in the IDaaS platform, so that the organization and user data maintained centrally in SAP SuccessFactors is synchronized to IDaaS and stays consistent across the enterprise's application systems.
# Prerequisites
- Have administrator privileges for the SAP SuccessFactors management platform.
- Have administrator privileges for the IDaaS Enterprise Center platform.
# Configuration Process

# Steps
# Create an Application in the SAP SuccessFactors Management Platform
Register an OAuth2 client application in the SAP SuccessFactors management platform. For detailed steps, refer to the platform's Register OAuth2 Client Application documentation.
Obtain parameters such as the client ID for the self-built application.
Grant users access permissions to the newly created application.
# Configure SAP SuccessFactors Identity Source in IDaaS
- Log in to the IDaaS Enterprise Center platform, select "Users > Identity Source Management" from the top navigation bar, click "Add Identity Source", and choose the "SAP SuccessFactors" identity source.

Customize the identity source name, fill in parameters such as the SAP service address, Company ID, and Client ID according to the interface prompts, then click "OK" to save after setup.
Navigate to the details page of the newly added identity source to view or update the "Basic Configuration" of the SAP SuccessFactors identity source, including connection parameters and synchronization mechanisms.

- Switch to the "Advanced Configuration" tab. It is recommended to keep the defaults or fill in according to actual needs.

| Parameter | Description |
|---|---|
| Select Root Organization | Select an organizational node in IDaaS to serve as the root node for the synchronized SAP SuccessFactors organizations |
| Organization Matching Strategy | By default, the organization code in IDaaS is associated with the institution code in SAP SuccessFactors |
| Create Organization | Default is Yes |
| Update Organization | Default is Yes |
| Delete Organization | Default is to retain the organization (i.e., an organization deleted in SAP SuccessFactors is retained in IDaaS); disabling or deleting the organization is also supported |
| User Matching Strategy | By default, the user's mobile number and username in IDaaS are associated with the user's mobile number and username in SAP SuccessFactors |
| Create User | Default is Yes |
| Update User | Default is Yes |
| Delete User | Default is to disable the user (i.e., a user deleted in SAP SuccessFactors is disabled in IDaaS); retaining or deleting the user is also supported |
| Security Threshold Adjustment | Set the maximum threshold percentage for changes such as user deletion, organization deletion, or organization hierarchy changes in the upstream identity source. Threshold = (Difference between platform's reclaimed data and this batch's reclaimed data / Reclaimed data) * 100%. When the number of applications disabled/deleted in the upstream identity source exceeds the set threshold, the platform will not perform disable/delete operations upon receiving the command. |
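
The following is an added example, not the IDaaS platform's own code, showing how a deletion threshold like the one in the last table row keeps a truncated or faulty upstream export from disabling most accounts in one run. It assumes the change percentage is the share of platform-side users from this source that are missing from the incoming batch; all function and field names are hypothetical.

```python
from dataclasses import dataclass, field

# Delete strategies listed in the table; "disable" is the default for users.
STRATEGIES = {"disable", "retain", "delete"}


@dataclass
class RemovalPlan:
    change_pct: float   # share of platform users missing from the batch
    blocked: bool       # True when the threshold suppressed disable/delete
    action: str         # "disable", "delete" or "none"
    affected: list = field(default_factory=list)


def plan_user_removals(platform_ids, batch_ids, threshold_pct, strategy="disable"):
    """Decide what to do with users that exist in IDaaS but not upstream.

    Assumption (not taken from the platform): change_pct is
    len(platform - batch) / len(platform) * 100.
    """
    if strategy not in STRATEGIES:
        raise ValueError(f"unknown delete strategy: {strategy}")
    platform, batch = set(platform_ids), set(batch_ids)
    missing = sorted(platform - batch)
    # Nothing synchronized yet means nothing to remove; avoid dividing by zero.
    change_pct = 100.0 * len(missing) / len(platform) if platform else 0.0

    if strategy == "retain" or not missing:
        return RemovalPlan(change_pct, False, "none", [])
    if change_pct > threshold_pct:
        # Over the threshold: skip disable/delete and surface the list for review.
        return RemovalPlan(change_pct, True, "none", missing)
    return RemovalPlan(change_pct, False, strategy, missing)


# Constructed sample data: ten users already synchronized from the source.
PLATFORM = [f"u{n:02d}" for n in range(1, 11)]
NORMAL_BATCH = PLATFORM[:9]      # one leaver, 10% change
TRUNCATED_BATCH = PLATFORM[:3]   # incomplete export, 70% change

if __name__ == "__main__":
    for name, batch in (("normal", NORMAL_BATCH), ("truncated", TRUNCATED_BATCH)):
        plan = plan_user_removals(PLATFORM, batch, threshold_pct=20)
        state = "blocked" if plan.blocked else plan.action
        print(f"{name}: {plan.change_pct:.0f}% -> {state} {plan.affected}")
```

A blocked run is worth alerting on: it means either a large legitimate change that needs a deliberate threshold adjustment, or an upstream problem that should be investigated before any account is disabled.
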
- After configuration, switch to the "Object Model" tab and select "Mapping Definition". Configure the mapping relationship between the attributes of organizations and users in SAP SuccessFactors and the attributes of organizations and users in IDaaS according to the actual project requirements.
The object model maps attributes of users and organizations from the SAP SuccessFactors identity source to attributes of users and organizations in IDaaS. Once configured, user and organization attribute values from SAP SuccessFactors are synchronized to the corresponding attributes in IDaaS.

- Execution Method: Defines under which circumstances the attribute needs to be mapped.
  - No Mapping: The attribute will not be synchronized to IDaaS.
  - Create: The attribute is synchronized only during creation.
  - Update: The attribute is synchronized only during updates.
  - Create and Update: The attribute is synchronized during both creation and updates.
- Transformation Method: Defines how the attribute mapping is performed.
  - Automatic Transformation: Synchronizes the value as-is from the identity source.
  - Script Transformation: Use this method to transform values from the identity source when they do not meet the required format. Refer to Script Mapping Method.
After completing the object model configuration, click "Execute Synchronization" to immediately run the synchronization operation.
If the synchronization mechanism in the basic configuration is set to scheduled synchronization, manual execution of synchronization tasks is not required here.
After execution is complete, switch to the "Synchronization Events" page to view all synchronization tasks for this identity source. Click "Details" under the "Actions" column to view the import results, or check the imported data on the "Users > Users & Organizations" page.
