Preparing For Implementation Config Guide
Preparing For Implementation Config Guide
2 Preparing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1 ERP HCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Create Technical Communication User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Authorization Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Obtain Signed Client Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Employee Central. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
SAP SuccessFactors Provisioning Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
API Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Creating a User for Activation of SAP Best Practices Content. . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Provide Role-Based Permission Access for Activation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Manage Upgrade Center Admin Permission. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Migrate Picklists from Legacy to MDF. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Activate Best Practices Content from Upgrade Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3 Implementing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.1 Technical Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
SAP SuccessFactors Employee Central. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Setup SF API User Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Set up SF API Permission Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Enhance Administrator Permission for Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.2 Replication Target System Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.3 Permission Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
This guide describes the activities you need to carry out before you implement the SAP Best Practices for SAP
SuccessFactors Employee Central Integration package, everything from setting up the system to deploying the
business content.
A communication user must be created in the SAP ERP HCM system for technical communication between the
ERP system and Cloud Platform Integration account as a system or communication user.
1. In your SAP ERP HCM system, access the transaction using one of the following navigation options:
2. On the User Maintenance: Initial Screen, enter a <User Id> for your technical user, for example,
SF_COMM.
3. Choose Create.
4. On the Logon Data tab, choose the entry B (System), as User Type.
5. On the Roles tab, assign the user roles described in the next section Authorization Roles [page 4] to the
user.
6. Save your user.
2.1.2 Authorization Roles
The following roles specific to integration and migration need to be provided to the technical communication
user created in the previous step. These roles also need to be provided to users who are testing and executing
the migration and replication reports.
• SAP_HR_SFIOM_PROCESSING
• SAP_HR_SFIOM_WEBSERV
• SAP_HR_SFI_EMPL_DATA_REPL
In addition, the user customizing the technical settings would require access to the generic roles (if not already
provided by the system administrator) to carry out customizations in the Configuration guides.
• SAP_BC_WEBSERVICE_SERVICE_USER
• SAP_BC_CUS_CUSTOMIZER
• SAP_ABAP_CHANNELS_ADMIN
• SAP_BC_CTS_ADMIN
The client certificate for the ERP system must be signed by one of the certifying authorities, which is trusted by
the load balancer. Further information can be found on the Load Balancer Root Certificates Supported by SAP
page.
The client certificate needs to be imported to the ERP system using the transaction STRUST (Trust Manager).
In addition, the certifying authority’s root certificates and other certificates must also be imported to the Cloud
Platform Instance, if not done already.
You must have access to SAP SuccessFactors Employee Center provisioning to perform the configuration
for the instance. As a customer, you do not have access to Provisioning. To complete tasks in Provisioning,
contact your implementation Partner. If you are no longer working with an Implementation partner, contact
SAP Support.
In the SAP SuccessFactors instance, the following provisioning switches need to be checked in the Company
Settings of your company:
Note
If the SAP Best Practice pre-configured instance has been copied, all Employee Central related switches are
disabled by default and need to be enabled again.
If the instance was not copied, most of the provisioning settings will already be enabled in your company
based on the licensing.
Check the below listed switches and enable the missing one based on your scope.
Note
For utilizing the search capabilities (control + F) in Provisioning, the exact text of the setting is listed.
Enable Advances — requires “Employee Central V2 (that is Event Reason Derivation)”, “Enable Generic Enabled
Objects”, “Enable Deductions Management”, “Effective Dated Data Platform”, “Employee Profile data audit”
and “Enable the Attachment Manager”
Enable Deductions Management — requires “Employee Central V2 (that is Event Reason Derivation)”, Enabled
“Enable Generic Objects”, “Effective Dated Data Platform”, “Employee Profile data audit” and “Enable the
Attachment Manager”
Enable Cost Distribution — requires “Employee Central V2 (that is Event Reason Derivation)”, “Enable Ge Enabled
neric Objects”, “Effective Dated Data Platform”, “Employee Profile data audit” and “Enable the Attachment
Manager”
Caution
For existing customers, by switching on this feature via the Upgrade Center, the old direct-deposit-
based UIs, APIs and objects will be irreversibly deactivated. New Payment Information is integrated
into Employee Central Payroll. Integration scenarios towards 3rd party systems utilizing the old direct
deposits APIs might no longer work. Check in advance and inform customers that they might need
to migrate existing 3rd party integration scenarios to the new APIs, for example, compound employee
API or OData API.
Switch Action
Enable Payroll Integration (Valid for SAP Payroll in ERP Systems) — requires “Enable Generic Objects”, Enable
“Enable Translation of Employee Central Foundation Objects”, “Enable the Attachment Manager” and
“Employee Central Foundation Objects”
Caution
Furthermore this SAP Best Practices content requires the latest user interface for the employee profile –
People Profile.
2.2.2 API Permissions
Use
In this activity, you create a user to run and check the upgrades for the related SAP Best Practices scope if not
yet available in the system.
Note
We recommend using only one User ID with a valid e-mail address to activate the SAP Best Practices
content. Thus, you avoid changing ownership during the activation.
1. Log in to SAP SuccessFactors Provisioning for your instance using the following link:
Link https://<server>.successfactors.com/provisioning_login
Admin Password Enter password. This password needs to be changed with the first login to a password
that is suitable to your company policy
Admin First Name Enter the first name for the admin user
Admin Last Name Enter the last name for the admin user
Caution
Enter a valid e-mail address. All logs and status updates regarding the implementation will be send via
e-mail to this e-mail address.
Use
This section describes the set-up steps necessary to allow the previous created user to manage the role-based
permission access.
For implementing the SAP Best Practices for Employee Central, some basic permissions are needed to run the
activation and to check the result. Only for this purpose create an SAP Best Practices Upgrade Center Admin
role and group as described below.
Note
This role and group is only needed for the implementation of the SAP Best Practices scope and can be
deleted after the finalization.
If the picklists in the Employee Central instance are not already migrated to MDF picklists, the following steps
need to be followed for picklist conversion prior to activating SAP Best Practices content.
The following upgrade center items need to be activated to enable Best Practices:
Procedure
STATUS active
USERID SFAPI
USERNAME SFAPI
FIRSTNAME User
LASTNAME SFAPI
MANAGER NO_MANAGER
HR NO_HR
DEPARTMENT N/A
JOBCODE N/A
DIVISION N/A
LOCATION
IP address restrictions If you need to restrict IP addresses, consult the Regions page.
Administrator Permissions
8. Choose Done.
9. Choose Save Changes.
External Code <Logical system of the Employee Central Payroll system> for example: <ERP
SID>CLNT<CLNTID>
6. Choose Save.
Note
If the Replication Target System node is not available under Admin Center → Manage Data, enabling Payroll
Integration is necessary under Provisioning Access. Refer to SAP Note 2246342 for further details.
SAP Best Practices SFAPI API Login Permission Permission for API access for Employee Central
User Role
Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:
• Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your
agreements with SAP) to this:
• The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.
• SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any
damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.
• Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering an SAP-hosted Web site. By using
such links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this
information.
Example Code
Any software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax
and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of
example code unless damages have been caused by SAP's gross negligence or willful misconduct.
Bias-Free Language
SAP supports a culture of diversity and inclusion. Whenever possible, we use unbiased language in our documentation to refer to people of all cultures, ethnicities,
genders, and abilities.
SAP and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP
SE (or an SAP affiliate company) in Germany and other countries. All
other product and service names mentioned are the trademarks of their
respective companies.