The SuccessFactors connector, used for communication between SAP Identity Management and SuccessFactors systems, is now enhanced to support mutual Transport Layer Security (mTLS) authentication. This change is determined by the announced retirement plan for HTTP Basic Authentication method for accessing APIs in SAP SuccessFactors. For more information, see Deprecation of HTTP Basic Authentication for APIs.
The mutual Transport Layer Security (mTLS) establishes an encrypted TLS connection, in which both parties use X.509 certificates to authenticate and verify each other. It provides an additional layer of security and that is the reason to be proved as the more secure authentication option.
To take advantage of the new authentication method, follow the procedure below.
First, you have to generate a certificate. You have two options to accomplish this step – via SAP for Me, which we recommend, or via SAP Cloud Identity Services- Identity Authentication service.
If you decide to use SAP for me, you should execute the steps described in SAP Note 3469904 . After you have successfully generated a certificate, extract the certificate trust chain from it.
In case you choose to generate your certificate via SAP Cloud Identity Services – Identity Authentication service, you should execute Step 6 from the procedure described in Add System as Administrator.
We have reached the moment to upload your certificate to your SAP SuccessFactors system. Login to the system and navigate to Admin Center > Security Center > X.509 Public Certificate Mapping. Select the Add button, complete the required fields and choose Save.
For more information, refer to Upgrade to X.509 Certificate-Based Authentication for Incoming Calls.
After this is fulfilled, you should adapt your existing SuccessFactors repository. To get all new constants, you should re-import the com.sap.idm.connector.sfsf connector package.
Until now, only basic authentication was possible, so after the package import, your repository probably looks like this:
Once you switch to authentication with mTLS, you would no longer need the constants SFSF_PASSWORD and SFSF_USER. Instead, you should put the path to the newly created certificate and its password. At the end, your repository constants should look like this:
Congratulations, you are officially using the newly introduced authentication method for provisioning between SAP Identity Management and your SuccessFactors system.
For more details around this change, you can check Setting Up a SuccessFactors System.
Any question or feedback will be appreciated!
The SuccessFactors connector, used for communication between SAP Identity Management and SuccessFactors systems, is now enhanced to support mutual Transport Layer Security (mTLS) authentication. This change is determined by the announced retirement plan for HTTP Basic Authentication method for accessing APIs in SAP SuccessFactors. For more information, see Deprecation of HTTP Basic Authentication for APIs.The mutual Transport Layer Security (mTLS) establishes an encrypted TLS connection, in which both parties use X.509 certificates to authenticate and verify each other. It provides an additional layer of security and that is the reason to be proved as the more secure authentication option.To take advantage of the new authentication method, follow the procedure below.First, you have to generate a certificate. You have two options to accomplish this step – via SAP for Me, which we recommend, or via SAP Cloud Identity Services- Identity Authentication service.If you decide to use SAP for me, you should execute the steps described in SAP Note 3469904 . After you have successfully generated a certificate, extract the certificate trust chain from it.In case you choose to generate your certificate via SAP Cloud Identity Services – Identity Authentication service, you should execute Step 6 from the procedure described in Add System as Administrator.We have reached the moment to upload your certificate to your SAP SuccessFactors system. Login to the system and navigate to Admin Center > Security Center > X.509 Public Certificate Mapping. Select the Add button, complete the required fields and choose Save. For more information, refer to Upgrade to X.509 Certificate-Based Authentication for Incoming Calls.After this is fulfilled, you should adapt your existing SuccessFactors repository. To get all new constants, you should re-import the com.sap.idm.connector.sfsf connector package.Until now, only basic authentication was possible, so after the package import, your repository probably looks like this:Once you switch to authentication with mTLS, you would no longer need the constants SFSF_PASSWORD and SFSF_USER. Instead, you should put the path to the newly created certificate and its password. At the end, your repository constants should look like this:Congratulations, you are officially using the newly introduced authentication method for provisioning between SAP Identity Management and your SuccessFactors system.For more details around this change, you can check Setting Up a SuccessFactors System.Any question or feedback will be appreciated! Read More Technology Blogs by SAP articles
#SAP
#SAPTechnologyblog
+ There are no comments
Add yours