Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
nageshcaparthy
Product and Topic Expert
Product and Topic Expert
53,797

I don’t think I have to introduce what Joule is all about, it has been making noise all over the SAP Community since the announcements at #SAPTechEd2023.

In case you missed it, allow me to share that Joule is the AI copilot to help your business requirements while supporting Navigational, Transactional, and Informational patterns. As part of our first announcements, Joule is Generally Available (GA) with SAP SuccessFactors. You may refer to the SAP SuccessFactors 2H 2023 Release Highlights or take a quick look at the SAP SuccessFactors 2H 2023 Release Highlights Video and you can also watch the Demo – Interacting with Joule in SAP SuccessFactors.

So let me summarize the important topics:

Talent Intelligence Hub is GA - Understand, build, and leverage the skills of the workforce with an AI-powered skills framework included in the SAP SuccessFactors platform

  • Integrated Learning Experience is GA, it supports users with a redesigned learning home page and personalized AI-powered recommendations on
    • Have to Learn
    • Need to Learn
    • Want to Learn
  • New Recruiter Experience with AI-powered job descriptions using Joule and the ability to add MS Team call details to the interview
  • Interview questions based on the Job Description with Joule
  • SAP SuccessFactors App for Microsoft Teams available in the AppStore
  • SAP SuccessFactors Employee Central quick actions
  • SAP SuccessFactors Incentive Management
  • Follow the SAP Road Map Explorer for future updates

Important:  Joule is currently available in English, supported and supported in the US (Virginia) and European (Frankfurt) Data Centers with AWS as the Infrastructure Provider.

**********************************************************************

nageshcaparthy_0-1726756927501.png Announcement!!! We will allow all our SAP SuccessFactors customers to use Joule irrespective of the SAP SuccessFactors Data Center and pick any/nearest data center where Joule is supported. You can find more updates here: SAP Note: 3519499 and What’s New with Joule. 

You can refer to the Joule Data Center list here.

Obsolete: I recommend always taking a look at the Data Center Mapping between SAP SuccessFactors and Joule. In case your SuccessFactors instance is EU enabled, then you have to select the EU11 Subaccount in your BTP. If EU11 is missing, please contact your CSP/AE to get this enabled in your selected BTP account where your Joule entitlements are provisioned.  

******************************************************************

If you have made it so far & have the prerequisites to set it up, and are interested in setting up the Joule service, please reach us at SAP_AI_RIG@sap.com.

In case of Issues, Take a look at the [SAP BTP Onboarding Series] Joule with SFSF – Common Setup Issues

New Release Joule – Getting Started with Document Grounding - setup guide

Discovery Center Mission Update with full setup Process - Activate SAP Joule for SAP SuccessFactors

*******************************************************************

Disclaimer: Before we get started, as this is a new product with a lot of momentum and subsequent updates to be announced shortly, we recommend referencing the official Joule help guides in case of any changes from the below process.

******************************************************************
Perfect, now that we have the details on Joule let’s roll up our sleeves and learn how to get started with it.

Pre-requisites:

  • SAP BTP Account with Joule(das-application) Check your entitlements in your SAP BTP Global Account. If you have an SAP SuccessFactors license and this entitlement is missing, please contact your SAP Account Executive
  • SAP Build Work Zone, standard edition / SAP Start.

- SAP Start is now available for customers at no extra cost with services like SAP S/4 HANA Cloud, public edition, or SAP SuccessFactors. You can check the details here

Joule uses the navigation service component of SAP Build Work Zone, standard edition to resolve intent-based navigation targets and configure additional content providers

  • SAP SuccessFactors License + Understand the Joule Data Center availability as mentioned above
  • SAP Cloud Identity Services – you may log in to Viewing Assigned Tenants and Administrators to verify your active tenants. If you are new to the topic, you can check the SAP Discovery Center Mission - Get Started with SAP BTP - Cloud Identity Service Provider (SAP IdP)
  • Configure the assertion attribute user_uuid to the Global User ID field in the Identity Authentication application corresponding to your subaccount to allow user identification based on Global User ID (discussed in image 22a)

Roles required to configure:

  • SAP BTP Global Account Admin & BTP Subaccount Admin (in case they are different users)
  • SAP SuccessFactors Administrator
  • SAP Cloud Identity Services Administrator

License: Joule is included as part of your SAP SuccessFactors license at no additional cost with a certain number of free messages for an annual period known as Base AI. Some of the AI Capabilities are part of the premium edition - Premium AI, where you may have to purchase AI Units to use the functionalities.

  • SuccessFactors customers will receive a Joule message allocation based on the number of licensed, active users; Users licensed for multiple products only count once
  • Messages will be metered on an annual basis; at the end of each term, the annual allocation of free messages will reset (i.e., no carryover)
  • Customers must purchase additional SAP AI Units (Premium AI) if they exceed their free message allocation during the annual period
  • In case the service is not visible in your BTP Cockpit, to gain access to Joule, all customers will need to license a no-cost SAP SKU. Doing so will trigger the provisioning of Joule and the creation of the terms and conditions that must be accepted by the customer to use Joule.

***Important***

You may refer to the document AI Service List - AI SERVICE ENTITLEMENTS - SuccessFactors to know your eligible messages. 

Please contact your Account Executive for more information on Joule contracts and allocation as they vary based on user licenses.

Account Model in SAP BTP and SAP SuccessFactors Tenant: While you are working with SAP BTP, we recommend creating multiple subaccounts to achieve your desired account model. With SuccessFactors delivering a 2-tier account model with a (Dev/Test & a Production tenant), you may want to create two different subaccounts in the SAP BTP to mirror that landscape.

Now, let us consider a staged approach to complete the setup activities for Joule with SuccessFactors.

0. System Landscape <<New process since July 2024>>

  1. Activate “Manage Extensions on BTP” in your SFSF
  2. System Landscape Setup in your BTP Global Account
  3. Update the Integration Token in the Extension Center

1. BTP Activities – Create a Subaccount and Run The Booster

2. Configure SAP Cloud Identity Services – In my case, I have already activated it, you may refer to SAP Discovery Center Mission Get Started with SAP BTP - Cloud Identity Service Provider (SAP IdP). I will be skipping this step as it is activated in my SAPP BTP account

3. Configure Cloud Identity Services in SuccessFactors

4. Adding Trusted Domains in SAP Cloud Identity Services

5. Post Booster Configurations, required to support Joule - Navigation Services

Image 0 (reference diagram for the setup activity)

Now let us get started with the First Step:

You may also refer to our Joule Setup videos here

- Chapter 1 - Activating Joule and Running the Booster - Read Description for updated information

Chapter 2 - Establish Trust with your Cloud Identity, BTP and Create Trusted Domains 

Chapter 3 -  Activating Joule in SFSF

Chapter 4 - Activate Cloud Foundry, Create Destinations and Workzone Content Provider

Chapter 5 - SAP Cloud Identity Services - Source & Target Configurations 

0. System Landscape 

Refer to our official help page on Register an SAP SuccessFactors System in a Global Account in SAP BTP.

a. Activate “Manage Extensions on BTP” in your SFSF

This section focuses on enabling the integration of your SAP SuccessFactors and your SAP Business Technology Platform subaccount using the Extension Management Configurations.

You may log in to your SuccessFactors, go to Manage Permission Role -> select the Role where you would like to assign the extension -> click on Permission ->

- Admin Access to Metadata Framework -> Select Admin access to MDF OData API permission 

nageshcaparthy_0-1721145585854.png

- Then click on Manage Extensions on SAP BTP -> select Create Integration with SAP BTP, and Save the settings. 

nageshcaparthy_0-1721123006673.png

b. System Landscape Setup in your BTP Global Account

You can now select the SAP SuccessFactors system in the Select Integrations screen of the Joule booster instead of manually typing the tenant URL and the company code. You need to ensure that you have registered the system in SAP BTP under System Landscape before you run the booster. To do this Go to your SAP BTP Global Account -> click on Systems Landscape -> In the Systems tab search for your existing SFSF Systems as most of the time they should be auto-discovered -> once you find the SFSF System, select it -> and then click on Get Token.  

nageshcaparthy_1-1721123089057.png

(Skip this step, if your system is found in the list) In case your SFSF System is not found, you can click on Add System -> Enter the System Name “SuccessFactors tenant”, select System Type as SAP SuccessFactors and click on Add.

nageshcaparthy_2-1721123142381.png

You should be able to see a success message, now click on the option Get Token.

nageshcaparthy_3-1721123187235.png

c. Update the Integration Token in the Extension Center

In your SAP SuccessFactors -> go to Extension Center -> Enter the token value that you copied from the BTP Account in the Integration Token field and click on Add. Once you add this token, you should be able to see the Multi-Cloud Environment list with your SAP BTP Global Account ID, please click on the refresh button and ensure you see the message Integrated.

nageshcaparthy_4-1721123271685.png

Note: In case of missing Extension Center

- The service should be activated in the SFSF Provisioning -> Select Enable Extension Center.

nageshcaparthy_0-1724140203433.png

- Go to Admin Center -> Upgrade Center ->  select "Extension Centre", and click Upgrade now, to upgrade it.

In case of any issues, while adding tokens in the SFSF system, you can create a ticket using the component - BC-NEO-EXT-SF and share the Company ID of the affected SFSF system along with Data Center details. 

1. BTP Activities – Create a Subaccount and Run The Booster

1.1 Create a Subaccount

Let us begin to log in to your SAP BTP Cockpit with Global Account Administrator authorizations, to create a new subaccount for Joule. In your BTP Cockpit -> click on Account Explorer -> click on the Create button -> click Subaccount -> enter the Subaccount name and select once you fill in all the required details, please click on Create.

Note: In my Demo, I am going with SuccessFactors DC33/55 Data Center (Frankfurt) and Europe (Frankfurt) Joule Data Center. 

Image 1


1.2 Configure Joule in SAP BTP Cockpit:

Another important step is to check the required Entitlements. Navigate to Entitlements -> click on Service Assignments ->, and search for Joule with limited Quota Assignment as shown in the image below.

Image 2

 

*** Important *** - Before you run the Joule Booster, please follow 2. Configure SAP Cloud Identity Services(CIS) - (you need to establish Trust for your subaccount and cloud identity services) as this has been added as a prerequisite to the new update to the Booster.

Once you add the Joule Entitlement, we are ready to create the subscription. We will use SAP Boosters to configure and consume the Joule Services. To do this, Click on Boosters -> search for Setting up Joule -> and Click on Start, you will see the Overview page – please read the details and then click on Start in the top right side of the screen.

Image 3


The Booster automatically checks if you have the required Entitlements, Authorizations, and Identity Authentication Tenant. Once the checks are completed, click on the Next button.

Image 4

In the Configure Subaccount tab, You have to select the subaccount that was created in the previous step, in my demo I created a Subaccount named Joule, so I selected “Joule” and click on Next.

Image 5

In the Select Integration tab, we have to select “SAP SuccessFactors” as this blog is focused on SAP SuccessFactors.  Let us select SAP SuccessFactors and click on Next.

Image 6

In the next screen, we have to provide the Integration Details, such as the SAP SuccessFactors Tenant Domain URL and the Company Code.

Example:

SAP SuccessFactors tenant login URL: https://hcm41preview.sapsf.com/login?company=testacc01

Tenant Domain: https://hcm41preview.sapsf.com

Company Code: testacc01

Image 7


Once you enter the details, click the Validate button, if no error messages, then you are good to go, click on the Next button.  In my case I am good, so I continue with the next setup.

In case of general errors- “The provided Company Code either does not exist or is invalid” Please raise an SAP Ticket with the component - CA-JOULE or CA-JOULE-PRV

In the last step, we validate the details that are entered and click on the Finish button.

Image 8


The booster will execute the process to enable Joule subscription services and you should be able to see the success message as shown below.

Image 9


This completes the Joule provisioning in your SAP BTP Subaccount.

2. Configure SAP Cloud Identity Services(CIS)

In my case, I have already provisioned it, you may refer to SAP Discovery Center Mission Get Started with SAP BTP - Cloud Identity Service Provider (SAP IdP), so I will be skipping the step of activating the Cloud Identity Services.

So why is SAP Cloud Identity Services(CIS)? SAP CIS acts as a central system to authenticate and authorize users for your SAP SuccessFactors and Joule and it is a mandatory component for post booster configurations. In this step, we will enable Custom Identity Service in your Subaccount.

Note: In case you have a Cloud Identity Service configured for your SAP SuccessFactors, you can use the same CIS tenant to establish trust with your subaccount.

Once you activate the Cloud Identity Services, the next step is to Establish Trust between your Cloud Identity Services and the Subaccount. Now let us navigate to the Joule Subaccont, click on Account Explorer -> click on the subaccount Joule -> click on the Security option -> click on Trust Configuration -> click on the Establish Trust button as shown below.

Image 10


Select the SAP Cloud Identity Services Tenant that you have activated, click on Next, and select the Domain Name either *.accounts.ondemand.com or *.accounts.cloud.com and click on Next.

Tip: For best SSO Experience ensure you select the save Domain Name throughout the configurations. Before you select this, verify your Cloud Identity Services Domain URL and select accordingly.

Image 11

Optional Step(Image 12):  To Create Platform Users you can either proceed with the next step or, (you can navigate to your Global Account. Click on Security -> Trust Configuration -> Establish Trust -> Select your Cloud Identity Services that you created -> Choose the domain as mentioned above  -> Click on Next and in the Configure Parameters you can modify the name and description and this will set up the trust for Platform Users, click on Next and then click on Finish. By doing this Platform Users option will be added to all Subaccounts by default.)

In my case, I have created it to manage Business Users and Application Users.

Image 12

If you are back to your subaccount to Establish Trust, you should be able to see the screen below to Configure Parameters for Application Users, you can click on Next as shown below.

Image 13

Upon completion, you should be able to see Platform Users(if added to Global Account) and Application Users listed on the trusted Trust Configuration page.

Now ensure, only your Custom Identity Service is available for User Logon.

2.1 Configure Trusted Domains for SAP Authorization and Trust Management Service

Now within your subaccount, click on the Security option -> click on Settings ->  under Trusted Domains click on the Add button to add your SAP SuccessFactors Domain name.

Example: https://hcm41preview.sapsf.com

Image 14


This completes the setup of Joule in the SAP BTP Subaccount.

3. Configure Cloud Identity Services in SAP SuccessFactors (skip activation step if already active)

Now let us log into the SAP SuccessFactors system and look at the settings required.

In case you already have Cloud Identity Services enabled, you can skip this step, and follow the step after Image 19. To activate the services, click on your Profile icon and then click on Admin Center.

Image 15


From Admin Center, navigate to Upgrade Center and then select Platform.

Image 16

Look for the option – Initiate the SAP Cloud Identity Services Identity Authentication Service Integration, click on Learn More & Upgrade Now.

Image 17


Now click on Upgrade Now, and you will be prompted for a username and Password.

Image 18

Enter your S-User ID and Password. You may also refer to the help guides and videos on this page to initiate your Cloud Identity Service. While selecting your Cloud Identity Services, please ensure you select the same Identity Services used for your SAP Subaccount configurations in the previous steps.

Image 19

Once you initiate to change the Identity Authentication services, it may take up to 24hrs and you will receive an email once the upgrade is complete.  You may use the Monitoring Tool for Identity Authentication Service to keep track of the changes. Once the Service is activated please ensure you follow the help documentation to complete the setup process.

Now go back to the Admin Center, you may also want to

  • Manage Role-Based Permission Access, and Grant roles required as per your organizational requirements.
  • Manage Permission Groups, Create New Groups, and add Group Members as required
  • Go to Manage Permission Role, and click on the Permission Role where you would like to grant Joule services.

Image 20

On the Permission Role Detail page, click on the Permission… button, click on General User Permission look for Access to Joule, select it, and click on Done.

Image 21

This completes the Role assignment to users in SAP SuccessFactors for access to Joule.

4. Adding Trusted Domains and Configure Assertion Attributes in SAP Cloud Identity Services (CIS)

Before testing Joule, we have to maintain your SAP SuccessFactors Domain name in the Cloud Identity Services as a Trusted Domain. Let us login to the Cloud Identity Services -> click on Applications & Resources -> then click on Tenant Settings -> click on Customization -> You will be able to see the option Trusted Domain, please click on it and click on the Add button to create a new line item to specify the Domain name of your SAP SuccessFactors System as shown below, enter the details and Save the Settings.

Example: hcm41preview.sapsf.com

Image 22

4.1 Configure Assestion Attribute

You will have to establish federated trust in your subaccount and configure the assertion attribute user_uuid to the Global User ID field in the Identity Authentication application corresponding to your subaccount to allow user identification based on Global User ID. In your Cloud Identity Services, click on Application & Resources -> click on Applications -> select Application where you have established trust -> click on Attributes on the right panel -> expand the section user_uuid and change the Identity Directory value to Global User ID.

Image 22(a)

This completes the activation of Joule Services in SAP SuccessFactors and the required configurations. You can now navigate to your SAP SuccessFactors System and click on the Joule Icon to open the services.

Say Hello to Joule, your friendly Copilot!!! 😊

 

Image 23

Well, we are not quite there yet to use the full capabilities of Joule. We are just a few more steps away so let us continue 😊.

5. Post Booster Configurations

Once your Joule service is working, Once your Joule service is working, you need to configure the navigation service which is a part of the Build work zone to resolve intent-based navigation targets that are defined in the backend. If you are quite curious about the navigation pattern and not sure how it looks or works, you can refer to Image 40 😊.

5.1 Create SAP Build Work Zone Application and Instance: You may follow the standard help guide to set this up. If you are setting up SAP Build Work Zone for Joule service, you may use the Foundational Plan as shown below or if you already have SAP Build Work Zone standard edition, you may skip the activation and configure the missing steps. I am showing the process of activating the SAP Start - foundation services, and assigning the entitlements to your subaccount as shown below.

Image 24

Before activating the services, ensure you have Created a Cloud Foundry instance and created a Space. Now you can go to Service Marketplace and create the SAP Build Work Zone foundation Services Plans and Application Plans as shown below.

Image 25

Once the services are activated, you can Create a Service Key for the services under Instance as shown below.

Image 26

Enter a Service Key Name and click on Create. Once the service key is created, click on it to view the data and save the data, we will be using it at a later stage.

Image 27

Now let us assign a user to the Work Zone service that is activated. Within your subaccount, click on the Security option -> click on Role Collection -> click on Launchpad_Admin -> click on Edit -> In the Users Section add yourself and Save the settings.

Image 28

5.1.1 Add a Content Provider to Consume CDM Content

Add a new content provider to your SAP Start site to consume the CDM content from SAP SuccessFactors. Go to your SAP BTP Joule Subaccount -> click on Services -> click on Instances & Subscriptions -> click on the application SAP Build Work Zone, standard edition ->  the application opens on a new page, click on the Channel Manager icon -> click on +New button and enter the details for the New Content Provider with following information:

 

FieldValue
TitleEnter a name for the Content Provider (recommended SuccessFactors)
DescriptionEnter a description for the content provider.
IDAny unique ID (recommended sfsf or your SFS CompanyID - this will be used again during IPS setup for - cflp.providerId)
Design-Time DestinationSelect the design time destination LPS_SFSF_dt
Runtime DestinationSelect the runtime destination LPS_SFSF_rt
Runtime Destination for Dynamic DataSelect Use default runtime destination
Automatically add all content items to the subaccountTrue
Use the Identity Provisioning service to provision user authorizationsTrue

The details should be as shown below:

                        nageshcaparthy_0-1716363568766.jpeg

Image 28a

5.2 Configure Navigation Service

We need the Navigation Services to navigate to the targets that are defined in the backend. The recommended approach is to use the Name according to the help guide.

5.2.1 Configure Destination to Use Navigation Service

Within the subaccount, click on Connectivity -> click on Destination, click on Create Destination, and enter the following details:

FieldValue
NameNavigationService
TypeHTTP
URLportal url from the service key created for the service instance of SAP Build WorkZone, standard edition. (Images 27 & 29)
Proxy TypeInternet
AuthenticationOAuth2UserTokenExchange
Client IDClient ID from the service key created for the service instance of SAP Build WorkZone, standard edition. (Images 27 & 29)
Client SecretClient Secret from the service key created for the service instance of SAP Build WorkZone, standard edition. (Images 27 & 29)
Token Service URL TypeDedicated
Token Service URLhttps://<uaa url>/oauth/token

Add additional properties -

FieldValue
Use default JDK truststoreEnable this option.


You should be able to see the details below:

Image 29

The details in Destination should be as below:

Image 30

Tip: The last line item Token Service URL should end with https://<uaa url>/oauth/token, do not forget this.

Save the changes.

5.2.2 Create a Design Time Destination

Create a design-time destination on SAP BTP to access the CDM content API from SAP SuccessFactors.

Note: Accessing SAP SuccessFactors APIs using Basic Authentication has been deprecated. You can create certificate-based destinations. For more information, see Deprecation of HTTP Basic Authentication for APIs.

For the demo, we are going with Basic Auth for now. Create your second destination, Click on Create Destination and enter the following details:

FieldValue
NameLPS_SFSF_dt
TypeHTTP
URL

https://<tenant API URL>/rest/servicesfoundation/sfcdmcontentservice/v1/SFCDMContent

Tip: you can refer to SAP Note: 2215682 - SuccessFactors API URLs and external IPs to find your Tenant API URL based on your Data Center
Proxy TypeInternet
AuthenticationBasicAuthentication
User

Enter your SAP SuccessFactors username with oData API access and company in the format of "username@COMPANY".

Note: Do not use your login details here. Please create a technical user for Joule with the following permission. You can navigate to Manage Permission Role -> Select the Group this Technical User belongs to, click on Permission, and go to Manage Integration Tools -> select "Allow Admin to Access OData API through Basic Authentication". 

PasswordEnter the password for your SAP SuccessFactors

Add Additional Properties as follows:

FieldValue
Use default JDK truststoreEnable this option.
HTML5.DynamicDestinationTrue

Enter the details and Save the settings. The details should be as shown below:

Image 31

5.2.3 Update the Runtime Destination

LPS_SFSF_rt destination is automatically created when you run the Joule booster but you may need to update the destination in the following scenarios:

  • If you are using the SAP Build WorkZone foundation plan (not the standard plan), enter/type the following information in the Additional Properties section:
FieldValue
sap-starttrue
    • If your SAP SuccessFactors tenant has already migrated to use the SAP super domain (cloud.sap), update the URL field in the destination to use the new super domain, for example, https://sfsf.cloud.sap/

The configuration should look like this:

Image 32

5.2.4 Configure Identity Provisioning Service(IPS) Setup for Navigation Service

The Navigation Service component of SAP Build WorkZone, standard edition service uses Identity Provisioning Service to provision identities and their authorizations between source and target systems.

Note: This section describes the steps to configure the source system (SAP SuccessFactors) and target systems (Identity Authentication and SAP Build Work Zone, standard edition) in the Identity Provisioning of your IAS application user interface. For some customers, SAP SuccessFactors and the Identity Authentication systems are already configured as the source and target system by the Upgrade Center.

We need to configure the Identity provisioning service (IPS) service to:

  • Provision user details to the SAP Build WorkZone target system with the user email, Global User ID, and group memberships
  • Provision user roles as groups to SAP Build WorkZone target system with role ID as external ID and group memberships

Note: If you are using the SuccessFactors Onboarding 2.0 module, then we strongly recommend migrating to SCIM API to take advantage of the real-time user sync capabilities that are only available with SCIM API, not oDATA API. For more information, see Overview of SAP SuccessFactors Workforce System for Cross-Domain Identity Management API and refer to this blog.

To do this, let us log in to the Cloud Identity Services with Admin Authorizations, click on Identity Provisioning -> click on Source System -> Assuming that the SAP SuccessFactors is already configured with Cloud Identity Services, you can click on your existing SAP SuccessFactors Source System -> on the right side of the page, click on Transformation and switch to JSON View -> modify the Group Entity in transformations has following configuration, refer to the image below:

++++++++++++++++++++++++++++++++++++++++++++++++++++++

I recommend the second blog, for the Source and Target files configuration that is in my next blog - [SAP BTP Onboarding Series] Joule with SFSF – Common Setup Issues you can download the readily available files attached to the bottom of the blog, use them and follow point number 10. Quick Setup Use the “Source System and Target System” .json files

++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

PropertyValueDescription
IgnorefalseEnsures groups SCIM entity is considered during the provisioning jobs
Mapping{
"sourcePath": "$.id",
"targetPath": "$.externalId"
},
Ensures the source ID field of the SCIM entity groups is set to externalId

Image 33

Next in the Under Properties Tab, ensure field sf.user.filter is configured to fetch all required and valid users.

Image 34

In case you don’t want the groups to be provisioned in IAS, you can follow the steps below, else you can skip this and go to Create Target System.

  • Navigate to Identity Provisioning Source System
  • Select the target system configured for Identity Authentication\Select transformations and switch to JSON view
  • Ensure the Group entity in transformations has the following configuration:
PropertyValueDescription
IgnoretrueEnsures groups SCIM entity is considered during the provisioning jobs

Now let us create a new Target System with the following values and Save the settings:

 

FieldValue
TypeSAP Build WorkZone, standard edition
NameAny meaningful name (WorkZone-Target)
DescriptionAny Meaningful description
Source SystemSelect SuccessFactors source system

The settings should look as below:

Image 35

In the new Target System that you created, in my case it is SFSF – WorkZone click on the Transformation -> click on JSON view and edit the Group Entity with the value below:

 

PropertyValueDescription
Mapping{
"sourcePath": "$.externalId",
"targetPath": "$.externalId",
}
Ensures the externalId field of the SCIM entity groups is set to externalId


The details should be as shown below:

Image 36

Now click on the Properties tab and check the following details, in case they are missing add them to the list. The values can be found in the Service Key that was generated earlier:

 

FieldValue
URLportal-service field value under endpoints node from the service key
AuthenticationBasicAuthentication
Userclientid field value under uaa node from the service key
Passwordclientsecret field value under uaa node from the service key
ProxyTypeInternet
TypeHTTP
OAuth2TokenServiceURLhttps://<uaa url>/oauth/token
ips.trace.failed.entity.contentFalse
cflp.user.unique.attributeemails[0].value,['urn:ietf:params:scim:schemas:extension:2.0:mapping']['providerId'],externalId
cflp.support.bulk.operationFalse
cflp.providerIdID field value for content channel configured for SAP SuccessFactors in SAP Build WorkZone (step 5.1.1)
cflp.group.unique.attributeexternalId,['urn:ietf:params:scim:schemas:extension:2.0:mapping']['providerId']
cflp.bulk.operations.max.count100

The details should be seen as shown below:

Image 37

Note: Please refer to my second blog as mentioned ( above image 33). Since we are using the Certificate for authentication, please use this link to copy your URL based on your data center - mTLS Certificate Server. Example: https://api55preview.cert.sapsf.eu

https://help.sap.com/docs/SAP_SUCCESSFACTORS_PLATFORM/d599f15995d348a1b45ba5603e2aba9b/af2b8d5437494....

Now let us go back to the Source System. Click on Identity Provisioning -> click on Source System -> click on the Source System service that you have set up -> click on Jobs tab -> Run Read Job or ReSync Job as per your requirements to provision SAP SuccessFactors users and roles to WorkZone (Navigation Service).

Image 38

The job should run successfully if the configuration is set up correctly. To view the job results, you can click on Identity Provisioning -> click on Provisioning Logs.

If you see a Successful message and if the Group and Users are Read/Created/Update, then we are good. 

                        nageshcaparthy_1-1716365071201.png

Image 38a


Well, it's now time to announce that you have set up your SAP SuccessFactors with Joule services with Navigation Patterns 😊.

Image 40

Congratulations!!! If you can see the Navigation arrows we have the settings successful.

Note: In case of any issues, please refer to the common issues blog - https://community.sap.com/t5/technology-blogs-by-sap/sap-btp-onboarding-series-joule-with-sfsf-commo...


==========================================================================

This blog is written with the support of our SAP Product Team and SAP BTP Onboarding Team.

Credits and shout out to harinder.singh.batra and chavi.singhal without which this blog could have not been possible. Appreciate all your support.

===========================================================================

Please visit the SAP Business Technology Platform Customer Onboarding Resource Center page for more information.

If you are just getting started, we have Onboarding Blogs:

Regards,

Nagesh Caparthy
Follow me on LinkedIn for the latest Updates on SAP BTP.
https://www.linkedin.com/in/nagesh-caparthy-027b7016/

31 Comments