Creating a Custom OAuth Application
If you are not using Basic authentication or Azure AD authentication, you must authenticate to SAP SuccessFactors via a custom OAuth application, and you must acquire a SAP SuccessFactors access token. After you register an OAuth client, any user of the registered client can use it to connect to SuccessFactors HCM Suite. The following procedures are executed in the SAP SuccessFactors Admin Console.
- Create an API Administrator role and assign it permissions for an RBP system:
  - From the Admin Manage Permission Roles tab, create a role named "API Administrator".
  - At the Manage Integration Tools link, select Manage OAuth2 Client Applications.
  The admin console displays a new link, Manage OAuth2 Client Applications. If you are using the new admin tools, this link displays under the Company Settings category. In the older admin tools interface, the link displays under Integration Tools.
- Grant permissions for a user-based system:
  - From the Admin Menu, navigate to Manage Security > Administrative Privileges.
  - For the user you are logged in as, look under Integration Tools and select Access to OAuth 2 Management.
  The admin console displays a new link under Integration Tools, where you can register your OAuth client.
- Register the custom OAuth client:
  - Log into your application instance with an administrator account.
  - From the Admin menu, navigate to Manage OAuth2 Client Applications > Register New Client Application.
  - Complete the fields to configure the new application, and register it.
- Update your connection properties as detailed in Establishing a Connection.
Acquiring an Access Token
The way you acquire an access token depends on whether you want to connect to SAP SuccessFactors via SAML2, or via an LMS (Learning Micro Services) module.
SAML2
- AuthScheme: OAuthSAML2.
- URL: The URL of the server hosting SuccessFactors. Some of the servers are listed here.
- CompanyId: Your company's unique identifier.
- User: The username of your account.
- OAuthClientId: The API Key generated in API Center.
- PrivateKey: The path of the certificate you downloaded when you registered your OAuth Client Application, or the base64-encoded content of the certificate.
- PrivateKeyType (optional): PEMKEY_FILE by default. If PrivateKey is set to the base64-encoded content of the certificate, set this field to PEMKEY_BLOB.
- InitiateOAuth: GETANDREFRESH.
LMS Module
- AuthScheme: OAuthClient.
- URL: The URL of the server hosting SuccessFactors. For LMS, specify the full URL including the service name. Some of the servers are listed here.
- CompanyId: Your company's unique identifier.
- User: The username of your account.
- OAuthClientId: The generated Client Id for SuccessFactors Learning System.
- OAuthClientSecret: The generated Client Secret for SuccessFactors Learning System.
- InitiateOAuth: GETANDREFRESH.
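
A pre-flight check for the two property sets above, added here as an example and not part of the product or its documentation: it flags properties missing for the chosen AuthScheme, a PrivateKey/PrivateKeyType mismatch, and a key file that other local users can access. The function names, the base64 heuristic, the https check and the sample values are assumptions for illustration; the file-mode test applies to POSIX systems.

```python
import base64
import os
from urllib.parse import urlparse

# Required properties per AuthScheme, from the SAML2 and LMS lists above.
REQUIRED = {
    "OAuthSAML2": ("URL", "CompanyId", "User", "OAuthClientId", "PrivateKey"),
    "OAuthClient": ("URL", "CompanyId", "User", "OAuthClientId", "OAuthClientSecret"),
}
# Constructed sample: LMS properties with no client secret and a bare host URL.
SAMPLE = {"AuthScheme": "OAuthClient", "URL": "https://lms.example.invalid", "CompanyId": "ACME",
          "User": "apiuser", "OAuthClientId": "constructed-id", "InitiateOAuth": "GETANDREFRESH"}

def looks_like_base64(value):
    """Heuristic (assumption): long, and decodes cleanly once whitespace is removed."""
    compact = "".join(value.split())
    try:
        return bool(base64.b64decode(compact, validate=True)) and len(compact) >= 64
    except ValueError:
        return False

def lint(props):
    """Return a list of findings for a dict of connection properties."""
    scheme = props.get("AuthScheme")
    if scheme not in REQUIRED:
        return [f"AuthScheme must be one of {sorted(REQUIRED)}"]
    findings = [f"{name} is required for {scheme}"
                for name in REQUIRED[scheme] if not props.get(name)]
    if props.get("InitiateOAuth") != "GETANDREFRESH":
        findings.append("InitiateOAuth should be GETANDREFRESH")
    url = urlparse(props.get("URL", ""))
    if url.scheme != "https":  # added hardening check, not stated on the page
        findings.append("URL should use https")
    if scheme == "OAuthClient" and url.path in ("", "/"):
        findings.append("LMS URL must include the service name")
    if scheme == "OAuthSAML2" and (key := props.get("PrivateKey")):
        key_type = props.get("PrivateKeyType", "PEMKEY_FILE")  # default per the page
        blob = looks_like_base64(key)
        if key_type == "PEMKEY_FILE" and blob:
            findings.append("PrivateKey looks base64-encoded; set PrivateKeyType=PEMKEY_BLOB")
        elif key_type == "PEMKEY_BLOB" and not blob:
            findings.append("PrivateKeyType is PEMKEY_BLOB but PrivateKey is not base64")
        elif key_type == "PEMKEY_FILE" and not os.path.isfile(key):
            findings.append("PrivateKey file not found")
        elif key_type == "PEMKEY_FILE" and os.stat(key).st_mode & 0o077:
            findings.append("PrivateKey file is accessible to group/others")
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```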