So recently I took part in an interesting exercise. (It wasn't walking from my desk to the beer fridge behind me, although that does seem to be about as much physical exercise that I get during lockdown). I took part in putting together what is know as an IDP or Implementation Design Principle.

Now before you interpret the title of this post to be me moaning _about_ the IDP process or concept, that's absolutely not the case! What the IDP provided was a constructive way to channel all that constructive criticism  (double constructive!) into something of value.

This was a interesting process with a series of workshops where the team from SAP were clever enough to have timers running to stop me from talking too long and we used a tool called Mural which allowed us to collaborate on shared "whiteboard".

Screen shot is actually from yet another IDP that I'm hoping to collaborate on creating - but you get the idea. If not check out this picture below - the idea is virtual sticky note heaven.


Anyway after a lot of discussions we eventually decided on looking at the problem of integrating employee details to and from SAP SuccessFactors to a corporate LDAP.


Since many of the companies that we work with use Microsoft Azure AD and Microsoft themselves had just introduced a new integration for SAP SuccessFactors <---> AAD we spent quite some time looking at this packaged integration and how it was implemented. Meetings were arranged and discussions had. And everyone learnt stuff (including the team from Microsoft.)


Eventually we decided we'd better write up what we'd been talking about for so long, so Amit, Arijit, Himadri, Praveen, Rupesh and myself were prodded non too gently by the SAP team to put down some ideas.

We came up with the shortest title for the thing we built, which will still probably hold the record for the longest IDP title for quite some time.

SAP SuccessFactors Integration Patterns – Bidirectional Identity Integration with Microsoft Azure Ac...

good eh?

Other than insisting that everyone spell "Organisation" with an "s" and not a "z" - I did a lot of ninja editing on the document, including ensuring everyone kept up with all the latest names for the various SAP products mentions... I got expound on why the Microsoft solution might not work for you (I love a good moan!) but whilst it's important to understand what a solution does, it is equally important as a solution architect to understand what it does not do an cannot do. Also nice to know how you can work around some of those limitations.

Hence the title of this post

In a nutshell...


  • Photos - can they be supported in the standard Microsoft Azure AD integration - Both AAD and SuccessFactors have photos... so what do you think?

  • Do your users have more than one email address? Is there anything you need to consider?

  • Are you special? I mean, is your business special, do you have data in SuccessFactors that needs to be in Azure AD but you wouldn't really call it standard HR data?

If any of these questions pique your interest the detail is in the IDP! We're going to have a video session where we'll all get together virtually and explain all that we've written about which should either be fun, or a totally natural replacement for sleeping tablets - we haven't done it yet so I can't comment. Possibly number 1, I hope so!

There is also a LOT of other detail in the IDP some of which I added, most of which was added by my co-authors. It's been interesting working with other partners rather than in competition with them!

Anyway - hope you found this somewhat interesting, the whole IDP process has been likewise.

If there is any chance that you might add some diversity to the characters who put this IDP together, please, please get involved in the next opportunity to provide feedback to SAP SuccessFactors. The more diverse the input the better the result!




Here's a link back to the main blog post -


