Scribd
Upload
106 views14 pages

SAP SuccessFactors With Basic Auth

The document provides instructions for setting up SAP SuccessFactors single sign-on integration with Beekeeper. This involves creating a new user in SuccessFactors and configuring permissions for API access and user data retrieval.

Uploaded by

bs9rbxmddn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
106 views14 pages

SAP SuccessFactors With Basic Auth

The document provides instructions for setting up SAP SuccessFactors single sign-on integration with Beekeeper. This involves creating a new user in SuccessFactors and configuring permissions for API access and user data retrieval.

Uploaded by

bs9rbxmddn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

SAP SuccessFactors with basic auth

To get the SAP SuccessFactors (SF) integration up and running, we need user credentials.
This means we need our customer to create a new user in SF with the minimal permissions
required to fetch users.

New User
To start, go to the Admin Center and create a user (click Update User Information and Add
New Employee).

The specific details don’t matter, but we recommend you set the user’s name to something
like “Beekeeper Connector”.
Once the user has been created, go back to the Admin Center. We’re going to reset our new
user’s password, so in the “Manage Employees” section, click “Reset User Passwords”.
Search for our new user (as below), click “Search Users”.

Select the result you want (it’s an easily-missed radio bubble), and then enter in a new,
secure (preferably auto-generated) password. Make sure you record the password to share
with us later. You’ll also want to take note of the username of this user, which is
conveniently available in the search.
If the process worked, you’ll see a message like “1 users passwords have been reset”, as
below.
Permission Group
Now return to the Admin Center and click on Manage Employees > Set User Permissions >
Manage Permission Groups.
Click “Create New” to make a new Permission Group. Name the permission group
“Beekeeper Connector Permission Group” and assign it to the “Beekeeper Connector” user
we created earlier.
Once you’re finished, click “Done” to create the Permission Group.

Permission Role
Finally, head back to the Admin Center and click on Manage Employees > Set User
Permissions > Manage Permission Roles. On that page, click “Create New” and name your
role “Beekeeper Connector Permission Role”, as below.

You will first need to enable API usage. To do so, click “Permission..” and grant the
following permission:

Manage Integration Tools(under Administrator Permissions) > Admin access to OData API
Please note that the permission “Admin access to OData API” has a misleading name: It
only enables the use of the API. It will NOT grant access to any data by itself, and you will
still have to explicitly grant access to users and user profile fields to be able to fetch that
data through the API, as well as to any other entities like Payroll or other. The permissions
required are:

• Admin access to MDF OData API: The MDF permission allows us to track
modification dates of metadata fields, which enables partial synchronization.
• For the integration to work, you will need to grant at least “Employee Central
Effective Dated Entities > Personal Information Actions (View Current) and
Employee Data > Biographical Information ” permissions as access to the current
values of all the fields that you would like to be synchronized to Beekeeper, for
example:
o Employee Central Effective Dated Entities > Last Name (View Current)
o Employee Data > Original Start Date (View)
o Employee Central Effective Dated Entities > Last Name (View Current)
o Employee Data > Termination Date (View)

In the end, the permissions should look something like this, depending on which fields are
needed:
Now, under “Grant this role to…”, click “Add…” to associate our Permission Group to our
Permission Role.
Click “Select…” and select “Beekeeper Connector Permission Group”. Then hit Done on
both screens.
Finally, click “Save Changes”.
Password Expiration Settings
(Recommended)
This step is optional but recommended to ensure uninterrupted synchronisation. Once you
have created a successful SAP user for Beekeeper, you can extend the default password
expiration time.

The first step is to type "password" in the search bar.


Next click on the button "Add" in the "Set API login
extensions..."

Then select the Beekeeper username created in SAP to fetch the data. In our particular case
it's 103223, but in your system this should be a different number.
The parameter Maximum password age is calculated in days. Here you can type for
example 365 (a year). Finally set the IP range to 1.1.1.1-255.255.255.255 (our IP range is
dynamic so you should specify the entire range).

Finally, click on "Save & Close" in order to save the password settings.

And now you’re good to go!

What should I send to Beekeeper?


Beekeeper needs a few credentials to connect to SAP:

• The username of the Beekeeper Connector user


• The password for the Beekeeper Connector user
• Your SAP Company ID
• The API URL used to connect to the SuccessFactors instance (e.g.
https://apisalesdemo4.successfactors.com)

Uninstalling the SAP SuccessFactors


Integration
If the app is uninstalled in Beekeeper, you should also revoke the permissions of the
Beekeeper Connector Permission Role that we created in SAP.

Important Notice:

Access to APIs based on HTTP Basic Authentication will reach end of maintenance on May
26, 2023 and will be deleted on November 20, 2026.

You might also like