Human Capital Management Blogs by SAP
Get insider info on SAP SuccessFactors HCM suite for core HR and payroll, time and attendance, talent management, employee experience management, and more in this SAP blog.
Anton_Mavrin
Product and Topic Expert
In addition to my previous blog post about syncing SAP Enable Now Cloud user accounts with MS Azure AD, this one explains how to do the same with the Okta IdP. I'll try my best to keep it short and crisp. 😉

The script has been updated and now supports both MS Azure AD and Okta. Information about deactivated SAP Enable Now accounts is also saved to the log file, so you can always see who was deactivated by the script and when.

Setup Steps in Okta


Log in to your Okta Portal Administration Interface, navigate to Security - API, and select the Tokens tab. Then click the Create Token button. The script uses the Core Okta API and retrieves information only from the Users API. Because Okta grants an API token the same permissions as the administrator who created it, for security reasons it makes sense to generate the token while logged in with an administrator account that has fewer permissions than the Super Admin. Please find a link to the official Okta guide about creating API Tokens.


API token in Okta created and active


Save the API Token Secret, as you won't be able to retrieve it again! To connect to the Okta Users API, the script needs the Token Secret and your Okta URL.

Setup Steps in the Script


Step 1. Download the script from the GitHub repository

Step 2. In the script's root folder find the .env file and add the information there about your Okta IdP and SAP Enable Now systems. Do not modify variable names.

  • OKTA_URL - Your Okta URL

  • OKTA_KEY - API Token Secret that you created earlier

  • SEN_URL - Your SAP Enable Now system URL

  • SEN_USER - Your local SAP Enable Now Account with permissions to manage user accounts.

  • SEN_PWD - Password for the SAP Enable Now account.



.env with required parameters
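
A pre-flight check for the .env file from Step 2, as an added example that is not part of the original script: it flags missing variables, non-HTTPS URLs, and a file mode that lets other local users read the Okta token and the SAP Enable Now password. It assumes dotenv-style KEY=VALUE lines; the function names and sample values are constructed for illustration.

```javascript
// Added example, not part of the sync script. Assumes dotenv-style KEY=VALUE lines.
const REQUIRED = ['OKTA_URL', 'OKTA_KEY', 'SEN_URL', 'SEN_USER', 'SEN_PWD'];
const URL_KEYS = ['OKTA_URL', 'SEN_URL'];

// Parse KEY=VALUE lines; skips blanks and # comments, strips matching quotes.
function parseEnv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue;
    const val = line.slice(eq + 1).trim();
    const m = val.match(/^(["'])(.*)\1$/);
    out[line.slice(0, eq).trim()] = m ? m[2] : val;
  }
  return out;
}

// Returns a list of findings; an empty list means the file passed.
// `mode` is the numeric st_mode of the .env file (POSIX permission bits).
function auditEnv(text, mode) {
  const env = parseEnv(text);
  const findings = [];
  for (const key of REQUIRED) {
    if (!env[key]) findings.push(`${key}: missing or empty`);
  }
  for (const key of URL_KEYS) {
    if (!env[key]) continue;
    let u;
    try { u = new URL(env[key]); } catch { findings.push(`${key}: not a valid URL`); continue; }
    if (u.protocol !== 'https:') findings.push(`${key}: must use https`);
    if (u.username || u.password) findings.push(`${key}: credentials embedded in URL`);
  }
  if (typeof mode === 'number' && (mode & 0o077) !== 0) {
    findings.push('.env: accessible by group or others, expected mode 600');
  }
  return findings;
}

// Constructed sample input (placeholder values, not real credentials).
const SAMPLE = [
  'OKTA_URL=http://example.okta.com',
  'OKTA_KEY="constructed-token-value"',
  'SEN_URL=https://sen.example.com/wa/demo',
  'SEN_USER=sync_service',
  'SEN_PWD=',
].join('\n');
console.log(auditEnv(SAMPLE, 0o100644));
```

In the script's root folder, pass it `fs.readFileSync('.env', 'utf8')` and `fs.statSync('.env').mode`; the mode check is meaningful on POSIX systems only.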


Step 3. Select the scheduled run time for the script in the index.js file. It’s in 24 hr format. For testing purposes, set it 1-3 mins ahead of your current time.


The script is scheduled to run daily at 2 AM


Step 4. Run the npm package manager from the script root directory to get the required dependencies
npm install

Step 5. Run the script using the command
node . --sync okta

Step 6. If all parameters in the .env file were set correctly, enjoy the result in the console


as well as in the senSync.log file that is located in the logs folder


Finally, the account status in SAP Enable Now is always synced with your Okta (or MS Azure AD).

Stay curious 😉

Anton.