I am writing a short blog to highlight one recent change that came into effect with the latest SAP SuccessFactors Production release on December 9th, 2022. This relates specifically to Identity Authentication / Identity Provisioning so if you are working on this topic this will be relevant for you.
As of the December 9th, 2022, production release any newly established integration between SuccessFactors BizX instance and SAP Identity Authentication/Identity Provisioning Services (IAS/IPS) will be using the SCIM API to manage user/group information exchange instead of the old oDATA API. This change applies to both newly provisioned SuccessFactors BizX Instances that have an identify authentication and Identity provisioning tenant bundled together and delivered at the same time, and to existing SuccessFactors BizX instances performing the Initiate IAS Upgrade or Change IAS tasks through Upgrade Center.
What is SCIM API
SCIM stands for System for Cross-domain Identity Management (SCIM), it is an open standard designed to make managing user identities in cloud-based applications and services easier, and to facilitate automation of user provisioning and user life cycle management process. SCIM communicates user identity data between identity providers (such as SAP Identity Authentication / Provisioning Services, Microsoft Azure Active Directory etc) and service providers requiring user identity information (such as enterprise SaaS apps in ERP, HXM, CRM, procurement etc)
Why SCIM API
Adoption of SCIM API aims to help you better manage user accounts and user groups, it makes user data more secure and simplifies the user experience by automating the user identity lifecycle management process.
SCIM provides a way to synchronize user information between multiple applications. Since it is a standard, user data is stored in a consistent way and can be communicated as such across different apps. This enables administrators/IT to employee/contractors onboarding and off boarding process. The automation would also reduce mistakes and data inconsistencies between identity ecosystems.
If you are using or planning to deploy SuccessFactors Onboarding 2.0 module, then we strongly recommend to migrate to SCIM API if not already done so to take advantage of the real time user sync capabilities that are only available with SCIM API not oDATA API. For details of Onboarding 2.0 user sync configuration scenarios, please see blog Onboarding New Hires Authentication using SAP Iden... - SAP Community
Also with SCIM API, you can sync users into People Stories only if the users have Reporting permissions, to streamline the setup of People Stories, and reduce the number of user records to be synced.
The use of SCIM API for SuccessFactors to IPS user sync does not prevent you from using oDATA API in other ways, for example existing integrations using oDATA to sync user information between SuccessFactors and other applications.
How can I find out whether I am using SCIM or OData
If your SuccessFactors BizX instance is already integrated with IAS/IPS, to find out whether you are using the previous OData API or the new SCIM API, you can follow the following steps:
Can I migrate my SF to IPS integration from OData to SCIM
If your SuccessFactors BizX instance is already integrated with IAS/IPS, and is currently using the previous OData API for integration between BizX and IPS for user data integration, we recommend that you migrate to the new SCIM API,
Note that SCIM does not support case sensitive usernames, To use SCIM APIs, please disable the setting “Enable Non-Case-Sensitive Username” in Provisioning before you migrate from OData API to SCIM API.
To migrate from OData API to SCIM API, take the following steps:
Note: If you are already using Onboarding 2.0 then after this migration Onboarding new hires will be authenticated using IAS.
Additional info on migration: Adoption of SuccessFactor SCIM Connector and X.509... - SAP Community
Resources:
Upgrade to X.509 Certificate-Based Authentication for Incoming Calls | SAP Help Portal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
8 | |
3 | |
2 | |
2 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 |