SF HXM IT Landscape 1
SF HXM IT Landscape 1
4 Allow Listing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.1 Verify Akamai Allow Listing with a Browser. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.2 Verify SFAPI/OData Allow Listing with a Browser. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.3 Verify SFAPI/OData Allow Listing With CURL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.4 Allowlist Methods for Email from SAP SuccessFactors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Requesting a Key for Domain Key Identified Mail (DKIM). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Adding Listings for Sender Policy Framework. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4.5 List of SAP SuccessFactors API Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
7 Certificate Renewal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
An SAP SuccessFactors IT landscape check is a set of tasks and checks that Information Technology (IT)
professionals use to make sure that SAP SuccessFactors works well in their organization's software landscape.
SAP SuccessFactors is part of your IT landscape: all of the software tools you use, in the cloud and within your
organization. As an IT professional, you keep all parts of your IT landscape integrated, secure, and so on. SAP
SuccessFactors IT landscape checks are a set of instructions that we want you to be aware of, so you can keep your
organiztion's software landscape healthy.
Note
The leading practice checks from SAP SuccessFactors aren’t the only checks you run: your IT department likely
has its own checks.
To use SAP SuccessFactors HXM Suite, your users need common browsers, mobile devices, and plug-ins.
Most users experience SAP SuccessFactors through their mobile devices or through a web browser on their
workstations. In some specific cases, however, we do require additional systems and connectivity. We provide the
full list so that you can check user workstations and devices.
Oracle Java Runtime Environment (JRE) for SAP SuccessFactors [page 11]
SAP SuccessFactors requires JRE in these cases.
Supported Versions
• Google Chrome
• Microsoft Edge
We support browser versions that are still supported by their respective vendors. If your browser version is no
longer supported by the vendor, it may not be supported by SAP SuccessFactors.
Google, Apple, and Mozilla release continuous updates to their Chrome, Safari, and Firefox browsers. We make
every effort to fully test and support the latest versions as they’re released. However, if defects are introduced in
these OEM-specific browsers, we can't guarantee fixes in all cases.
Additional Information
Remember
We ended support for Internet Explorer 11 on November 19, 2021. Visit the SAP SuccessFactors Customer
Community blog Internet Explorer 11 Browser Deprecation – Innovation Alert for all the latest updates and
guidance.
Note
You can continue to use Internet Explorer 11 specifically for the Question Editor (QE) functionality until the
1H 2022 release. Administrators who want to use the QE must log into the administration environment with
Internet Explorer in both browser mode and document compatibility mode. Using the developer tools (press
F12), set browser mode to Internet Explorer 7 and document mode to Internet Explorer 7 standards.
Note
Stories in People Analytics work with the latest versions of Google Chrome and Microsoft Edge. For more
information, refer to System Requirements and Technical Prerequisites information in the SAP Analytics Cloud
Help guide.
Parent topic: Client-Side Requirements for SAP SuccessFactors HXM Suite [page 4]
Related Information
Supported Versions
• Safari by Apple
• Google Chrome for Android
• Google Android default browser
We support mobile browser versions that are still supported by their respective vendors. If your mobile browser
version is no longer supported by the vendor, it may not be supported by SAP SuccessFactors.
Additional Information
If you want mobile access, please use the SAP SuccessFactors Mobile Application. Not all features and tasks are
supported on mobile devices.
When using the Safari browser to access the SAP SuccessFactors HXM Suite on an iOS device, the following
settings are required. (These settings are not required if you use the SAP SuccessFactors Mobile App.)
For optimal performance while accessing SAP SuccessFactors Learning on a mobile device, we recommend using
the native mobile apps. If you use a mobile browser to accessLearning, we recommend using a landscape-oriented
tablet for the best experience. We don't support SAP SuccessFactors Learning Administration on mobile browsers.
Parent topic: Client-Side Requirements for SAP SuccessFactors HXM Suite [page 4]
Supported Versions
• Microsoft Windows
• Apple macOS
We support OS versions that are still supported by their respective vendors. If your workstation's OS version is
no longer supported by the vendor, it may not be supported by SAP SuccessFactors.
Parent topic: Client-Side Requirements for SAP SuccessFactors HXM Suite [page 4]
Related Information
Supported Configuration
Network bandwidth Recommended connection speed 300 - In general, HXM Suite requires no more
400 kbit/s bandwidth than is required to surf the
Internet. All application modules are de-
signed for speed and responsiveness
with minimal use of large graphic files.
Screen resolution XGA 1024x768 (high color) or higher For Stories in People Analytics, the
Widescreen resolution requirement is
1366x766 or higher.
Minimum recommended cache size 250 MB SAP SuccessFactors is a Web 2.0 appli-
cation. We recommend allowing browser
caching because we use it heavily for
static content such as image files, CSS
files, and JavaScript files. If you clear
your cache, the browser does not per-
form as well until the deleted files are
downloaded again to the browser and
cached for use next time.
JavaScript Enable
Cookies Enable web browser session cookies for Third-party cookies need to be enabled
authentication purposes
when using certain modules, such as
SAP SuccessFactors Learning, Stories in
People Analytics, and Workforce Analyt-
ics.
SAP SuccessFactors Learning can be launched from a third party site but must be launched in its own window. For
example, you can launch Learning from your corporate portal, but it must launch into its own window.
For using Stories in People Analytics on Microsoft based Operating Systems, the recommended power option is the
"High Performance" mode for improved Javascript performance.
Parent topic: Client-Side Requirements for SAP SuccessFactors HXM Suite [page 4]
Related Information
Transport layer security (TLS) TLS 1.2 Apple iOS 9.0 and later devices require
TLS 1.2 from the server.
Additional Information
The SAP SuccessFactors Mobile app is released every month, except for January. To ensure that all SAP
SuccessFactors Mobile app users can take advantage of data protection and privacy features, and the
latest security updates, features, and bug fixes, customers should ensure that employees' devices are set to
automatically upgrade (or have a process to upgrade employees' devices) to the most current release of the Mobile
app. Releases of the Mobile app are available by downloading the app through the Apple App Store and Google Play
Parent topic: Client-Side Requirements for SAP SuccessFactors HXM Suite [page 4]
Related Information
Additional Information
To use general functionality, HXM Suite does not require you to install any plug-ins or JRE on end-user systems.
Note
Due to recent changes in Java security policy and Oracle's introduction of the JRE security baseline concept,
you may have to upgrade your client JRE to the most recent version so that these JRE-dependent functions
work correctly.
Related Information
Parent topic: Client-Side Requirements for SAP SuccessFactors HXM Suite [page 4]
Related Information
Except as indicated below, SAP SuccessFactors supports the following document types: BMP, CSV, DOC, GIF, HTM,
HTML, JPEG, JPG, PDF, PNG, PPT, RTF, TXT, XLS, XML. In addition,SAP SuccessFactors Learning supports XLSX
and DOCX.
CSV, PDF, PPT, XLS, Online only CSV, DOC, DOCX, CSV, PDF, PPT, XLS, CSV, HTML, PDF PDF, PPT, PPTX,
XLSX PDF, PPT, XLS, XLSX, Word
XLSX
Parent topic: Client-Side Requirements for SAP SuccessFactors HXM Suite [page 4]
Related Information
Our products are guided by the Web Content Accessibility Guidelines (WCAG) 2.0 Level AA and the harmonized EN
301 549 including WCAG 2.1 Level AA. Detailed documents, such as the Voluntary Product Accessibility Template
(VPAT), are available from your account executive upon request.
Note
Parent topic: Client-Side Requirements for SAP SuccessFactors HXM Suite [page 4]
Related Information
Determine whether your network supports the optimal application performance by using the SAP SuccessFactors
Diagnostics tool.
Context
In general, SAP SuccessFactors HXM Suite requires no more bandwidth than is required to surf the Internet. All
application modules are designed for speed and responsiveness with minimal use of large graphic files.
Procedure
Use the same domain of the URL that you use to access the SAP SuccessFactors solutions.
2. Go to the Tests section of the tool and run the bandwidth test.
Results
The tool returns your network bandwidth. If it is below 300 Kbits per second, it is highlighted in red. When it is
below 300 Kbits per second, the performance of the application is compromised. To optimize the performance,
contact your IT support to increase the network bandwidth.
Click each of these URLs from within your corporate network to test if your allowlist and blocklist enable SAP
SuccessFactors to work with Akamai.
Procedure
https://validate-akamai.successfactors.com/akamai/validateAkamai.html
https://validate-akamai.successfactors.eu/akamai/validateAkamai.html
https://validate-akamai.sapsf.eu/akamai/validateAkamai.html
https://validate-akamai.sapsf.com/akamai/validateAkamai.html
https://validate-akamai.sapsf.cn/akamai/validateAkamai.html
After clicking each of the links, you should see a success message that reads Akamai validation completed
successfully!
Next Steps
If you do not get a message that says Akamai validation completed successfully!, then the Akamai connection
wasn't successful. Check your allow and deny lists to make sure that you can reach the domains below. Work with
your IT infrastructure team to add them to your list of domains that employees are allowed to visit (the allowlist).
• successfactors.com
• sapsf.com
• successfactors.eu
• sapsf.eu
Click each of these URLs from within your corporate network to test if your allowlist and blocklist enable SAP
SuccessFactors API calls from within your network using your browsers.
Procedure
For example, if you look up your data center domain and your domain is successfactors.com, then you
paste https://test.successfactors.com/domain/validation.html.
3. Press ENTER to go to the site.
If you’re able to reach the domain, you see a success message that reads Testing is successful.
Next Steps
If you don't get a message that says Testing is successful, then the API connection wasn't successful. Check your
allow and deny lists to make sure that you can reach the API Domain. Work with your IT infrastructure team to add
it to your list of domains that employees are allowed to go outbound from your network.
Related Information
If you are triggering API calls to SAP SuccessFactors from a third party, or outside of a browser, you can use CURL
to verify that you can connect.
Prerequisites
Download and install CURL, a common utility for making command-line HTTP calls.
For example, if you are calling from a third party server, open a terminal on the server.
2. Type CURL https://test.<your API domain>/domain/validation.html.
Next Steps
If you don't get a message that says Testing is successful, then the API connection wasn't successful. Check your
allow and deny lists to make sure that you can reach the API Domain. Work with your IT infrastructure team to add
it to your list of domains that employees are allowed to go outbound from your network.
Related Information
To prevent email spam, spoofing, social engineering, phishing attacks, and to make sure that your own spam filters
don't filter valid messages from SAP SuccessFactors, use an allowlist method for the email senders.
Use one of the following methods so that your email servers can distinguish valid email sent by SAP
SuccessFactors from email social engineering attacks like phishing and spoofing. These methods identify the
origins of SAP SuccessFactors email so that your system can trust them. If you don't use one of the methods we
describe, you might:
• Inadvertently filter out valid SAP SuccessFactors emails. Your spam filters or other security systems won't
recognize our email messages as valid. They could be blocked or go to quarantine depending on your
configuration.
• Receive email that looks like it’s coming from SAP SuccessFactors but is in fact spoofed by a third party
engineering an attack.
Restriction
We no longer advocate for single sender as a leading practice for resolving spoofing issues. In some cases, if
you use single sender, your email can be blocked.
Domain Key Identified Mail (DKIM) allows senders to associate a domain name with an email message to validate
its authenticity with a key. SAP SuccessFactors can configure DKIM for your system. We provide you with the public
key and manage the key.
Sender Policy Framework (SPF) verifies that the sender IP Address is allowed to send email from a domain against
the Domain Name System (DNS). SAP SuccessFactors sends email from a set list of IP addresses. When you add
them to your SPF configuration, you verify that the SAP SuccessFactors is the true sender of email from SAP
SuccessFactors domains.
To use Domain Key Identified Mail (DKIM) with SAP SuccessFactors, you request a key from cloud services.
Prerequisites
Procedure
The SAP SuccessFactors team returns the key to you or seeks additional information or policy clarification.
3. Use the key in your DKIM TXT record.
4. Update the ticket to let SAP SuccessFactors know that you have added the key.
If you elect to use Sender Policy Framework (SPF) to prevent spam and spoofing from SAP SuccessFactors, you
must add a Domain Name System (DNS) listing that matches your data center.
Prerequisites
Before you can add the DNS listing for SPF, you must know your data center. If you don’t know your data center,
you can ask support.
Context
Sender Policy Framework (SPF) operates with Domain Name System (DNS). We’ve registered the IP addresses of
our email servers. You include that registry so that your system recognizes the IP addresses as valid senders.
As an alternative, use Domain Key Identified Mail (DKIM). DKIM is independent of data center numbers because it
uses a key in the message header. We manage the private key and provide you with the public key. If you move to a
new data center, we manage the key so that your service isn't interrupted.
Restriction
We don’t support IP addresses in URLs as part of our reference architecture. Use domain names instead. If you
think you have a special case that requires IP addresses instead of domain names, contact Product Support.
Procedure
In your DNS, add the line include:_spf-dc<data center number>.sapsf.com where <data center
number> is the data center of your SAP SuccessFactors system.
For example, a company in data center 60 adds the following (where <other includes> are all the other include
statements for all other registered domains):
Sample Code
Related Information
Learn about the API servers of your company instance and how to construct the endpoint URLs.
Restriction
We don’t support IP addresses in URLs as part of our reference architecture. Use domain names instead. If you
think you have a special case that requires IP addresses instead of domain names, contact Product Support.
API Servers
Here's a list of API servers and mTLS certificate servers for SAP SuccessFactors data centers. Use search and filter
to find the corresponding servers for your company.
To view the timezone information of an API server, go to your company login page or open your account on the
header bar after login, and choose Show version information.
mTLS Certifi-
Data Center Environment Platform Location API Server cate Server
DC2 (DC57) Sales Demo Google Cloud Eemshaven, The https:// https://
Platform Netherlands apisalesdemo2.successfactor apisalesd
s.eu/ emo2.cert
.successf
actors.eu
When using Integration Center, we have a set of policies that define URL usage - and usage of integration center in
general. Integration center is a hub of your enterprise with SAP SuccessFactors.
You can enter the File Server Settings, File Name and Folder Settings, and Advanced Settings on the Source Settings
page for the input source of the integration. These settings are required for your integration to run successfully.
Field Description
SFTP Server Host Address Enter the Domain name/internet address and port of the SFTP
server.
Port For new integrations, you can't edit the SFTP port value. The
port value is set to 22 by default.
SFTP User Name Enter the User name for the SFTP account.
Note
You can use the period '.' character, the underscore '_'
character, and the hyphen '-' character to create your
SFTP User Name.
SFTP Password Enter the password for the SFTP account. This field supports
alphanumeric characters that are case sensitive. This field
does not support special characters (@,#,$%,^,&*).
Authentication Key From this dropdown you can select any previously generated
SSH key or the No key Authentication option. This key is used
for authentication while writing to the Destination. If you want
to generate a new SSH key, click Generate SSH Key option
which navigates you to the page where new SSH keys are gen-
erated.
Field Description
File Name Prefix Enter the name of the template to be used as the file name.
This name must be the same as the file in SFTP location.
For example:
Note
1. Make sure that the case used in the extension of
the SFTP File Name Prefix is consistent with the File
Extension field. For example, if you select the File
Extension as csv, then the extension in the File Name
Prefix should be .csv.
In case you type in any other extension, it should
match the case of the actual file extension in the SFTP
directory.
For example, if you enter CSV in the File Extension
field, then the extension in the SFTP File Name Prefix
should be .CSV.
2. Integration Center does not support blank space
and any other special character other than '_' (under-
score) in the file name.
File Extension Select or enter an extension of the file, excluding the period.
This extension must be the same as the extension of the file in
SFTP location.
Note
If the outbound file is encrypted and saved with the ex-
tension csv, then in inbound integration, you need to en-
ter csv.pgp in the File Extension field. This will fetch the
csv.pgp file from SFTP location. Also, make sure to provide
the Decryption key in the Advanced Settings section with
the file extension as csv.pgp.
File Folder Enter the folder name from which the files have to be picked.
Processing Folder Enter the folder name to which the file is moved to after it is
read or processed. Note that write privileges to the folder are
required.
Note
The processing folder is mandatory if the File Name Prefix
field contains wildcard characters.
Advanced Settings
Field Description
Enable Diagnostics Select this checkbox to save the source data of your integra-
tion in JSON format as a zip file to specified SFTP destination
folder, after executing the integration.
Note
Selecting this option may affect performance.
Authentication Key Select the authentication key from the dropdown to get au-
thentication so that you can write to the destination and imple-
ment single sign-on by the system administrators or power
users.
File Decryption Select the decryption key from the dropdown to decrypt the
file when reading from the source.
After entering the valid entries, click Next. You will now be on the Scheduling page. See Scheduling your Integration
section for more details.
After you schedule the integration, click Next. You will now be on the Review and Run page. See About Review and
Run section for more details.
The time synchronization check assures that SAP SuccessFactors is synchronizing to a standard service so that all
times in your enterprise are aligned.
In modern computer networks time synchronization is critical because every aspect of managing, securing,
planning, and debugging a network involves determining when events happen. Time also provides the only frame of
reference between all devices on the network. Without synchronized time, accurately correlating log files between
these devices is difficult, even impossible.
• It is necessary to consider clock synchronization of the cloud service customer’s systems with cloud
service provider’s systems, which run the cloud services used by the cloud service customer. Without such
synchronization, it can be difficult to reconcile events on the cloud service customer’s systems with events on
the cloud service provider’s systems.
• Tracking security breaches, network usage, or problems affecting a large number of components can be nearly
impossible if timestamps in logs are inaccurate. Time is often the critical factor that allows an event on one
network node to be mapped to a corresponding event on another.
• To reduce confusion in shared filesystems, it is important for the modification times to be consistent,
regardless of what machine the filesystems are on.
• Billing services and similar applications must know the time accurately.
Network Time Protocol (NTP) is a protocol used to synchronize computer clock times in a network. It belongs to
and is one of the oldest parts of the TCP/IP protocol suite. The term NTP applies to both the protocol and the
client-server programs that run on computers.
Stratum Level
Network Time Protocol is a hierarchical protocol and is divided into stratum which define the distance from the
reference clock. A reference clock source that relays UTC (Coordinated Universal Time) time and has little or no
delay is known as a stratum-0 device.
Depending on where your SAP SuccessFactors system is hosted, it can synchronize time from one of these
speciific NTP services.
The SAP Converged Cloud NTP Service gets the time from the regional ntp.org pools. For example, for the ap-
au-1 region, 0-3.au.pool.ntp.org is used, and for the eu-de-1 region, 0-3.de.pool.ntp.org is used.
If your SAP SuccessFactors system is hosted on a hyperscaler platform, you can synchronize the clock of your local
IT system to one of the below NTP services, depending on your configuration.
Hyperscaler Name
If you receive certificate renewal notification and if you’re using a SAP SuccessFactors integration with SAP or
Non-SAP application through APIs (SFAPI/OData API/Adhoc API), then renew the certificates to assure continued
service.
Your internal IT resources conduct certificate renewals. Certificates are used for the SSL/TLS handshake for
secure system protocols before allowing connection to or from the system. SAP SuccessFactors requires an SSL
handshake for any system to connect.
• Update the SAP SuccessFactors Domain certificate for API endpoint URL.
• Check the list of potential certificate information. 2533915
Renew your certificate as soon as possible. You can maintain both the old certificate and the new one at the same
time on your middleware storage so that you don’t have down time at the transition. After the transition, you can
remove the old certificate. You can read about both the timing of the certificates and the certificates themselves in
2533915 . Take note of the following milestones in the policy:
• When SSL Certificate Renewal Notifications are published before the certificate expiration date.
• When we initiate the deployment process before the certificate expiration date.
• When the certificate is available before expiration.
• When you receive a final notification before the deployment of the certificate.
• You’re using our APIs (SFAPI/Odata API/Adhoc API) and have an integration scenario in your SAP
SuccessFactors instance.
• You’re using middleware for your integration.
• The SAP SuccessFactors API domain for which the certificate is being renewed (*.successfactors.eu) is same
as the domain you’re using to access/connect to SAP SuccessFactors API server using API URL as the
endpoint URL.
Note
If you use SAP Business Technology Platform, if you already installed the SAP SuccessFactors root certificate
in your tenant, then you aren't impacted.
You’re responsible for certificate upload, even if you’re using middleware supported by SAP.
Single-Sign On
This certificate renewal is for API integrations and doesn’t affect Single-Sign On (SSO).
If the certificate renewal is for the *.successfactors.com/eu domain, then SAP SuccessFactors Learning isn't
impacted.
If the certificate renewal is for *.plateau.com then SAP SuccessFactors Learning is impacted.
Related Information
In SAP SuccessFactors, cookies are created in different modules for different usages and purposes. Find out what
cookies are available for each solution in the SAP SuccessFactors HXM Suite.
SAP SuccessFactors Platform cookies are placed for every use of an SAP SuccessFactors Platform module.
Additional cookies can be set if a module has features that are built on a different application server environment.
In case of integration with other SAP cloud solutions or SAP solution extensions provided by third-party vendors,
additional cookies might be required by these solutions. If a third-party cookie is present, it's indicated in the
Purpose and Usage column in the cookie list.
For more information about first-party and third-party cookies, see the Related Information section.
SAP SuccessFactors Learning is a loosely coupled module provided from a different application server
environment. Therefore, Learning manages a set of separate cookies.
In SAP SuccessFactors Recruiting, additional cookies are used in career sites built with Career Site Builder.
SAP SuccessFactors Onboarding is provided from a different application server environment. Therefore,
Onboarding manages a set of separate cookies.
SAP SuccessFactors Workforce Analytics is provided from a different application server environment. Therefore,
Workforce Analytics manages a set of separate cookies.
SAP SuccessFactors Employee Central Payroll integrates with SAP systems. Additional cookies are placed when a
user connects to an SAP ABAP system.
SAP SuccessFactors People Analytics consumes services provided by other applications. Therefore, additional
cookies are placed when such services are invoked.
Cookies are small files placed on your device (computer, tablet or smartphone). When you access a website, a
cookie is placed on your device and it will send information to the party that placed the cookie. This topic explains
different types of cookies and the attributes that define them.
Our websites may place session and persistent cookies on your device. The difference between a session and a
persistent cookie relates to the length of time the cookie lasts. Session cookies are cookies that typically last for
as long as you are using your browser, or browser session. When you end your browser session, the cookie expires.
Persistent cookies, as the name implies, are persistent and will last after you close your browser. This allows for
quicker and often more convenient access to our websites.
Cookie security
Our web servers make sure that sensitive cookies are sent securely and free from unintended access and scripts by
setting the HttpOnly and Secure attributes.
• The HttpOnly attribute guarantees that cookies can't be accessed from scripts on the client side.
• The Secure attribute ensures that cookies can only be sent through secure channels, such as https.
Cookie domain
The SameSite attribute allows web servers to specify whether a cookie can be used across different domains. The
possible values are:
SAP websites have first-party cookies and SAP sometimes allows third parties to place cookies on your device. The
difference between a first-party cookie and a third-party cookie relates to who places the cookie on your device.
First-party cookies are cookies that are specific to the website that created them. These cookies enable SAP to
operate an efficient service and to track patterns of user behavior to SAP websites.
Third-party cookies are placed on your device by a third party (that is, not by SAP). While SAP might allow third
parties to access SAP websites to place a third-party cookie on your device, SAP does not retain control over the
information supplied by the cookies, nor does SAP retain access to this information. This information is controlled
wholly by that third party according to the respective privacy policy of the third party. These cookies may change as
the third parties make changes to their applications without notifying SAP.
Related Information
Some columns are hidden by default. Choose Show/hide columns to display them.
HXM Session Yes Yes None No Internal traffic routing. When a Browser
route
Suite
user vis- session
its a
page.
HXM
JSESSI Session Yes Yes None No Used to keep the login infor- When a Browser
Suite
ONID mation. browser session
session
starts.
HXM
ECJSES Session Yes Yes None No Used to keep the login infor- When a Browser
Suite
SIONID mation like JSESSIONID, user session
except this cookie is for Em- uses an
ployee Central. Em-
ployee
Central
function-
ality.
HXM
zsessi Session Yes Yes None No Cross application session When a Browser
Suite
onid management. browser session
session
starts.
HXM
BIGipS Session No No None No Internal traffic routing. When a Browser
Suite
erver browser session
Note session
cated by route.
HXM
Optier Persis- No No No Troubleshooting and analy- Created 30 sec-
Suite
RQUUID tent sis. for every onds
page re-
sponse.
HXM
cookie Session Yes Yes No Used for clickjacking filter. When a Browser
Suite
_click browser session
The cookie keeps a security
jack_t session
token for clickjacking pre-
oken starts.
vention.
HXM When a
loginM Configu- Yes Yes None No Authentication. PWD:
Suite user logs
ethodC rable The cookie indicates in.
browser
ookieK session
whether the login method is
ey SSO or PWD. SSO: 2
years
HXM
deepli Session Yes Yes No Deep link redirection. When a Browser
Suite
nkCook user di- session
ieKey rectly ac- or after
cesses a the redi-
page rection
through for au-
a deep thentica-
link tion oc-
where curs
authenti-
cation is
required
for the
page.
The
cookie is
removed
after the
redirec-
tion for
authenti-
cation
occurs.
HXM
assert Persis- Yes Yes None No Authentication. Created 2 years
Suite
ingPar tent The cookie is used to keep
when
tyCook SAML
the SAML asserting party
ieKey SSO is
name. The value is provided
used.
by customer. Normally, it
is a domain name used to
identify the party.
HXM
ms_coo Session No No No Used for Media Service. When a Browser
Suite
kie_se Media session
This cookie is used to de-
t Service
tect if a browser allows
widget is
third-party cookies when a
ren-
widget is rendered in iFrame
dered.
mode. The value is boolean.
HXM
bizxCo Persis- Yes Yes No To remember the company Created 1 year
Suite
mpanyI tent ID of the current login. when a
d valid
company
is pro-
vided by
the user.
HXM
bizxTh Session Yes Yes No To remember the logged- Created Browser
Suite
emeId in user's preferred theme when a session
ID, whose corresponding user logs
theme data contains logo in or
information. When the user changes
logs out or loses the login the
session in a browser ses- theme.
sion (such as a browser
window), the server knows
what the user's preferred
theme is.
page>- sponse.
markFr
omServ
er
HXM
perflo Session No No No Used for trouble shooting When the Browser
Suite
g- and analysis. user session
versio adds the
n query
parame-
ter ?
perflo
g-
versio
n to the
URL.
Learning
BIGipS Session No Used for internal traffic Set by Browser
erverP routing. the VIP in session
_<labe the Ops
l>- land-
scape.
<port>
Learning
DEEP_U Session No To support deep link to pa- When a Browser
RL ges with SSO. user di- session
rectly ac-
Expires
cesses a
immedi-
page
ately
through
a deep
link
where
authenti-
cation is
required
for the
page.
The
cookie is
only valid
for the
redirec-
tion and
expires
immedi-
ately.
Learning
JSESSI Session Yes Yes No Used for session manage- When a Browser
ONID ment. user vis- session
its the
Learning
site.
Learning
SKIP_L Session No Used for maintenance man- When a Browser
MS_MAI agement. user vis- session
NT_NOT its the
IFY Learning
site dur-
ing the
mainte-
nance
period.
Learning
SITE_I Session No To keep track of the current When Browser
D Learning external site ID. user session
uses the
Learning
external
site func-
tionality.
Learning PSA_ST Session Yes Data provided for external Configu- Browser
UD_ID content. rable session
PSA_CU
The login student ID By de-
RRENT_
( PSA_STUD_ID ) fault,
STUD_I
D The current student ID these
Learning
loginM Session No To keep track of the cur- When a Browser
odeCoo rent login mode, whether it user logs session
kie is native login or integrated in.
login.
Learning
TENANT Session No Akamai authentication When Browser
_AUTH_ cookie for iContent hosted user session
COOKIE courses. launches
the iCon-
tent
courses.
Recruit-
JSESSI Session Yes Yes No Career Site Builder cookie. When a Browser
ing
ONID user vis- session
Single cookie placed on the
its a Ca-
users device during their
reer Site
session so the server can
Builder
identify the user.
site.
This cookie replaces the
RMK0, RMK1, and RMK4
cookies.
Recruit- Load bal- Session No Career Site Builder cookie. When a Browser
ing new user
ancer session
Cookie for session sticki- visits a
cookies.
ness preventing a user from Career
The load bouncing from one instance Site
Builder
balancer to another. Typically issued
site.
cookie by F5.
names
differ in
each
data cen-
ter and
are only
present
in the
Preview
environ-
ment.
Here are
a few ex-
amples:
PERSIS
T (Rack-
space)
cookie
_j2w
(DC10,
DC12)
BIGipS
erver~
partit
ion-
saas_p
rod-
<DC
number
>_stag
ing_lb
-<rand
om
key>
(DC17,
DC19,
and all
new DCs
online af-
ter
DC19)
Note
Present only if the third-
party applications are
configured.
Note
Present only if the third-
party applications are
configured.
Recruit- No
1P_JAR Session Yes Yes Third-party cookie set by When a Browser
ing
Google. user logs session
in to the
Used to save user preferen- 30 days
External
ces and other information. depend-
career
ing on
See Google Analytics site.
the
Cookie Usage on Web-
cookie
sites for more informa-
choice of
tion.
a user in
browser.
Recruit- No
CONSEN Session Yes Yes Third-party cookie set by When a Browser
ing
T Google. user logs session
in to the
Used to save user preferen- 2 years
External
ces and other information. depend-
career
ing on
See Google Analytics site.
the
Cookie Usage on Web-
cookie
sites for more informa-
choice of
tion.
a user in
browser.
Onboard- Session Yes Yes None No Standard ASP.NET cookie When Browser
Sessio
ing user logs
nId for application server ses- session
into the
sion management.
Onboard-
ing site.
Onboard- Session Yes Yes None No Standard ASP.NET cookie When Browser
.ASPXR
ing user logs
OLES used to cache role names. session
into the
Onboard-
ing site.
Onboard- Session Yes Yes None No Standard form authentica- When Browser
QASF_S
ing user logs
F tion ticket cookie. session
into the
Onboard-
ing site.
Onboard- Session Yes Yes None No Stores the last logged-in ac- When Browser
LAST_A
ing user logs
CCOUNT count name. session
into the
_SFQA Onboard-
ing site.
Onboard- Session Yes Yes None No Used to make sure When Browser
_REDIR
ing user logs
ECTCOO sessionId cookie is al- session
into the
KIE_ ways new when user logs in. Onboard-
ing site.
Onboard- Session Yes Yes None Yes Stores encrypted User- When Browser
LOGIN_
ing user logs
DETAIL Name, ProxyUserName, Lo- session
into the
cale, and referrer URL infor-
S Onboard-
mation from HXM Suite. ing site.
Onboard- Persis- Yes Yes None No Standard Sharepoint cookie When 5 days
FedAut
ing
h tent in Employee Portal. It con- user logs
tains a reference to the into Em-
SAML token that Share- ployee
Point stores in its token Portal.
cache. The SAML token
contains the claims issued
to the user by any external
identity and federation pro-
viders, and by the internal
SharePoint security token
service (STS).
r-80 Work-
force An-
alytics
URL.
Em-
SAP_SE Session Yes Yes None No Security session logon When a Browser
ployee
SSIONI ticket. user logs session
Central
in.
Payroll D_<Sys
See 1899896 for more
tem_id information.
>_<sys
tem_cl
ient>
Em-
MYSAPS Session Yes Yes None No SAP proprietary login ticket When a Browser
ployee
SO2 for authentication. user logs session
Central
in.
Payroll
Em-
cookie Persis- Yes Yes No Used for user login session When a 3 mi-
ployee
_payro tent stickiness. user nutes
Central
opens
Payroll ll
the Em-
ployee
Central
Payroll
URL.
Em- Session Yes None No Persists login language and When a Browser
sap-
ployee
userco login client during session. user logs session
Central
in.
Payroll ntext
People Session Yes Yes No For People Analytics inte- When a Browser
SAC-
Analytics
OEM- gration. user cre- session
AUTHTO ates, ed-
KEN its, or
runs a
Story re-
port in
Report
Center.
People Session Yes Yes No For People Analytics inte- When a Browser
SAC-
Analytics
OEM- gration. user cre- session
CSRFTO ates, ed-
KEN its, or
runs a
Story re-
port in
Report
Center.
People Session Yes Yes No BIRT server session man- When a Browser
JSESSI
Analytics
ONID agement. user runs session
(BIRT a Table
Server) report in
Report
Center.
Related Information
If you use SAP SuccessFactors Learning and you integrate with structured content providers or online meeting
software, review our standards for the content and integration.
With SAP SuccessFactors Learning, you can take advantage of structured content (like SCORM) and integrate with
online meeting software to hold virtual, in-person training.
• If you work with a third-party vendor for structured content, they should provide the structured content in a
recent standard that we support.
• If you plan to integrate with online meeting software and take advantage of the SAP SuccessFactors Learning
Virtual Learning System (VLS), select a supported vendor.
SAP SuccessFactors Learning supports these versions of structured online leaning content.
• AICC
• SCORM 1.2
• SCORM 2004 2nd Edition
• SCORM 2004 4th Edition
SAP SuccessFactors supports these virtual meeting rooms for virtual classrooms.
For cloud software, we support the most recent software available during our testing cycle. However, cloud vendors
ensure that APIs are backwards compatible with earlier versions of their cloud software. This means that Learning
and cloud software integration tested with one version shouldn’t break when a new version of the cloud software is
released.
Note
For Adobe meeting room software, we support Adobe Connect Meetings, not Seminars or Webinars.
For Cisco Webex, we support Cisco Webex Site Administration and Cisco Webex Control Hub.
Additional Information
Virtual meeting software provides a space for virtual classrooms in SAP SuccessFactors Learning. Users can join
the virtual meeting room to interact with an instructor and classmates. The clients install in a standard way, as if
users clicked a meeting invitation link in an email message.
2H 2023
1H 2023
Changed We removed the mention of Safari by Ap- Supported Desktop Browsers for SAP
ple as a supported browser for Story Re- SuccessFactors [page 4]
ports.
Changed We removed a note that says Microsoft Supported Desktop Browsers for SAP
Edge isn’t tested for Workforce Analytics, SuccessFactors [page 4]
Strategic Workforce Planning, and Online
Report Designer.
Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:
• Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your agreements
with SAP) to this:
• The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.
• SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any
damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.
• Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering an SAP-hosted Web site. By using such links,
you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this information.
Example Code
Any software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax and
phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of example
code unless damages have been caused by SAP's gross negligence or willful misconduct.
Bias-Free Language
SAP supports a culture of diversity and inclusion. Whenever possible, we use unbiased language in our documentation to refer to people of all cultures, ethnicities, genders,
and abilities.
SAP and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP
SE (or an SAP affiliate company) in Germany and other countries. All
other product and service names mentioned are the trademarks of their
respective companies.