Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
jtamrakar
Participant
1,455

Introduction:


I am here again to share experience from project. Customer is implementing SuccessFactors Recruiting Marketing for both Internal and External Employees and requirement is to restrict contingent workers to access Internal Career Site.

All employees including contingent workers will be synced in SAP Identity Authentication Services (IAS) as contingent workers will be accessing all SuccessFactors modules except Internal Career Site and authentication will be done in SAP Identity Authentication Services (IAS). Contingent workers can be restricted to access SuccessFactors Internal Career Site via SAP Identity Authentication Services (IAS).

 

Prerequisites:



  1. Identity Authentication Service (IAS) for SAP SuccessFactors is enabled.


Check SAP blog to enable SAP Cloud Platform Identity Authentication through Upgrade Center:


https://blogs.sap.com/2020/09/25/integrate-sap-successfactors-solutions-with-sap-cloud-platform-iden...




  1. IAS is setup for SuccessFactors Internal Career Site


https://blogs.sap.com/2022/07/03/setting-up-ias-for-recruiting-internal-career-site/


 

Process steps:


Step 1: Create a User Group in SAP Identity Authentication Services (IAS) as an administrator.





    • Login into SAP Identity Authentication Services

    • Goto “Users & Authentications”

    • Select “User Groups” option and click on “Create” button

    • Provide Group Name, Display Name and Description





IAS - Create User Group



Step 2: Create Risk-Based Authentication Rule in SAP Identity Authentication Services.





    • Goto “Applications & Resources”

    • Select “Applications” option

    • Select “Career Site Builder” application from Bundled Applications

    • Click on “Authentication and Access” tab





 



    • Click on “Risk-Based Authentication” option

    • Click on “Create Rule” button

    • Select “User Groups” option and click on “Create” button

    • Update “Action = Deny”

    • Select “Group = ContingentWorker”, created in previous step.

    • Click on “Create” button






    • Maintain “Default Action = Allow”





IAS - Risk-Based Authentication 2


 

Step 3: Find out field in SuccessFactors OData API.


Check SAP handbook for OData API SAP SuccessFactors HXM Suite OData API: Reference Guide (V2).


If field is available in OData API then it can be utilized in Identity Provisioning Services (IPS) Transformation logic to filter contigent worker and add them in right group.



OData API - isContingentWorker



Step 4: Find out query URL to understand how to write the transformation logic and understand where this field is available like in PersonKeyNav etc.





    • Login into SuccessFactors

    • Search Integration Center in Search Tool

    • Select “My Integration” option

    • Click on Create -> Schedule Simple File Output Integration -> Select the fields for query -> click on Select button





Integration Center - Create Query



Integration Center - Select fields






    • Click on “Save” button and select “Export Integration Specification”





Integration Center - Export OData API Query






    • It will generate OData API Query file





Integration Center - OData Query


 

Step 5: Write Transformation logic in Identity Provisioning Services (IPS) – Source System.





    • Login into Identity Provisioning Services (IPS) as an administrator.

    • Goto “Source System”

    • Select “SuccessFactors” as source system

    • Click on “Transformations” option

    • Add the code as highlighted below in screen shot where “custom07” is field (is contingent worker) in EC with User record and “ADP_ID” is variable to hold the field value.





IPS - Source - Transformation Logic


 

Step 6: Write Transformation logic in Identity Provisioning Services (IPS) – Target System.





    • Goto “Target System”

    • Select “Identity Authentication Services” as target system

    • Click on “Transformations” option

    • Add the code as highlighted below in screen shot where if “ADP_ID” value is “true” then employee will be added in Identity Authentication Services (IAS) User Group (in our case User Group = ContingentWorker).





IPS - Target - Transformation Logic


 

Step 7: Update User attribute in Identity Provisioning Services (IPS) – Source System.





    • Goto “Source System”

    • Select “SuccessFactors” as source system

    • Click on “Properties” option

    • Add “custom07” field in sf.user.attribues property.





IPS - User Attribute


 

Step 8: Run the “Read” job to update the employees in right group.


 

Conclusion:


With this process and transformation logic contingent worker will be restricted to access SuccessFactors Internal Career Sites.

Thanks for the read! I will be happy to address any further question in the comments.

See you soon with a new blog!
Labels in this area