Technology Blog Posts by SAP
adriana_dimitrova
Product and Topic Expert

The SuccessFactors connector, used for communication between SAP Identity Management and SuccessFactors systems, has been enhanced to support mutual Transport Layer Security (mTLS) authentication. This change is driven by the announced retirement of the HTTP Basic Authentication method for accessing APIs in SAP SuccessFactors. For more information, see Deprecation of HTTP Basic Authentication for APIs.

Mutual Transport Layer Security (mTLS) establishes an encrypted TLS connection in which both parties use X.509 certificates to authenticate and verify each other. This provides an additional layer of security, which is why it is considered the more secure authentication option.

To take advantage of the new authentication method, follow the procedure below.

First, you have to generate a certificate. You have two options for this step: SAP for Me, which we recommend, or SAP Cloud Identity Services - Identity Authentication service.

If you decide to use SAP for Me, follow the steps described in SAP Note 3469904. After you have successfully generated a certificate, extract the certificate trust chain from it.

If you choose to generate your certificate via SAP Cloud Identity Services - Identity Authentication service, execute Step 6 of the procedure described in Add System as Administrator.

Next, upload your certificate to your SAP SuccessFactors system. Log in to the system and navigate to Admin Center > Security Center > X.509 Public Certificate Mapping. Select the Add button, complete the required fields and choose Save.

[Screenshot: sf_x509.png]

For more information, refer to Upgrade to X.509 Certificate-Based Authentication for Incoming Calls.

Once this is done, adapt your existing SuccessFactors repository. To get all new constants, re-import the com.sap.idm.connector.sfsf connector package.

Until now, only basic authentication was possible, so after the package import, your repository probably looks like this:

[Screenshot: basic.png]

Once you switch to authentication with mTLS, you no longer need the constants SFSF_PASSWORD and SFSF_USER. Instead, enter the path to the newly created certificate and its password. In the end, your repository constants should look like this:

[Screenshot: mtls.png]
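Before the certificate path and password go into the repository constants, it helps to confirm locally that the keystore opens with that password, holds a private key, and is not about to expire. The script below is an added example, not part of the original post or of SAP's tooling; it assumes the certificate is a PKCS#12 file and that the openssl CLI is installed, and its function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not SAP code). Assumes the client certificate is a PKCS#12
# keystore and the openssl CLI is installed; function names are hypothetical.

# Run openssl pkcs12 on keystore $1 with password $2; further options follow.
# The password travels in the environment, so it stays out of the process list.
p12_read() {
    local file="$1" pass="$2"; shift 2
    P12_PASS="$pass" openssl pkcs12 -in "$file" -passin env:P12_PASS "$@" 2>/dev/null
}

# Exit codes: 0 ok, 2 unreadable file, 3 wrong password or format,
#             4 certificate or private key missing, 5 certificate expires too soon.
check_client_keystore() {   # $1 keystore, $2 password, $3 min. days left (default 30)
    local p12="$1" pass="$2" min_days="${3:-30}" leaf chain
    [ -r "$p12" ] || { echo "FAIL: cannot read $p12"; return 2; }
    leaf=$(p12_read "$p12" "$pass" -clcerts -nokeys) \
        || { echo "FAIL: wrong password or not a PKCS#12 file"; return 3; }
    # mTLS needs the client certificate and its private key.
    printf '%s\n' "$leaf" | grep -q 'BEGIN CERTIFICATE' \
        && p12_read "$p12" "$pass" -nocerts -nodes | grep -q 'PRIVATE KEY' \
        || { echo "FAIL: client certificate or private key missing"; return 4; }
    printf '%s\n' "$leaf" | openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "FAIL: certificate expires within $min_days days"; return 5; }
    # CA certificates shipped in the keystore form the trust chain.
    chain=$(p12_read "$p12" "$pass" -cacerts -nokeys | grep -c 'BEGIN CERTIFICATE' || true)
    printf '%s\n' "$leaf" | openssl x509 -noout -subject -issuer -enddate
    echo "OK: private key present, $chain CA certificate(s) in the keystore"
}

# Constructed throwaway keystore (self-signed) for trying the check offline.
make_demo_keystore() {      # $1 output file, $2 password, $3 validity in days
    local dir rc=0
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=idm-demo-client" \
        -days "$3" -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null \
        && P12_PASS="$2" openssl pkcs12 -export -inkey "$dir/key.pem" \
            -in "$dir/cert.pem" -out "$1" -passout env:P12_PASS || rc=$?
    rm -rf "$dir"
    return "$rc"
}

if [ "$#" -ge 2 ]; then check_client_keystore "$@"; fi
```

Keystores written by older tools with legacy encryption may need the `-legacy` option on OpenSSL 3 before they can be read.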

Congratulations, you are officially using the newly introduced authentication method for provisioning between SAP Identity Management and your SuccessFactors system.

For more details about this change, see Setting Up a SuccessFactors System.

Any questions or feedback will be appreciated!

 
