- Overview
- Configuration
SAP SuccessFactors
Automate user lifecycle management with SAP Successfactor - ADManager Plus integration
Achieve seamless SAP Successfactors to Active Directory integration using ADManager Plus. The integration of SAP SuccessFactors with ADManager Plus enhances your organization’s ability to streamline user lifecycle management by automating user provisioning. By automating key processes and ensuring real-time synchronization, this integration not only boosts operational efficiency but also strengthens compliance and security within your IT environment.
Hands-free user provisioning and deprovisioning
Automate user provisioning and deprovisioning across enterprise applications to cut down HR waiting time and to streamline identity life cycle management.
Real-time notifications
Draft custom notifications and alert stakeholders via email and SMS every time a user account is created, modified, or deleted.
How to configure SAP SuccessFactors integration in ADManager Plus
Configuration Document: Integrating SAP SuccessFactors with ADManager Plus
Pre-requisites:
SAP SuccessFactors uses API Keys to authorize API requests.
Privileges:
To import users (inbound action): Ensure the account/ API Key used for authorization has permission to read all user accounts.
To perform any action or query in SAP SuccessFactors (outbound action): Ensure the account used for authorization has permission to perform the desired action.
Note: ADManager Plus comes with preconfigured set of APIs that helps perform basic actions with the integration. If the action you require is not available, please gather the necessary API details from SAP SuccessFactors API documentation to configure under inbound/outbound webhooks to perform the required actions.Authorization configuration
- Log in to ADManager Plus and navigate to Directory/Application Settings.
- Go to Application Integrations, then search and select SAP SuccessFactors.
- Toggle the Enable SAP SuccessFactors Integration button on.
- In the SAP SuccessFactors Configuration page, click Authorization.
- Obtain the value for the key x-api-key from your Successfactor instance and enter it in the Value field.
- Click Configure
Inbound webhook configuration
Inbound webhook enables you to fetch user data from SAP SuccessFactors to ADManager Plus. The attribute mapping configured in this section can be selected as the data source during automation configuration. To configure an inbound webhook for SAP SuccessFactors:
- Under Inbound Webhook, click SAP SuccessFactors Endpoint Configuration.
- In the Endpoint Configuration tab, an endpoint, SAP SuccessFactors USERS ENDPOINT, comes preconfigured with an Endpoint URL, API Method, Headers, and Parameters fields to fetch user accounts from SAP SuccessFactors. If you would like to use this preconfigured endpoint, replace "Yourhost" with the subdomain of your Successfactor instance. However, if you would like to use a new endpoint to import users, you can configure one using the + Add API endpoint button and filling in the required fields as per SAP SuccessFactors's API references. Click here to learn how.
- The API key value pair is preconfigured as a header for authenticating API requests as configured during Authorization Configuration.
- Macros: Explain about macros how they can use these to dynamically change the endpoint to meet their requirement.
- Refer to SAP SuccessFactors's API references and configure additional headers and parameters, if required.
- Once done, click Test & Save. A response window will display all the requested parameters that can be fetched using the API call. After verifying if the requested parameters have been called to action, click Proceed.
- Refer to SAP SuccessFactors's API references to know the Parameters that must be configured to fetch only specific parameters.
- You can configure multiple endpoints for SAP SuccessFactors using the + Add API endpoint button. Click here to learn how.
- Click Data Source - LDAP Attribute Mapping to match endpoints and to map AD LDAP attributes with the respective attributes in SAP SuccessFactors.
- Click + Add New Configuration and perform the following:
- Enter the Configuration Name and Description and select the Automation Category from the drop-down menu.
- In the Select Endpoint field, select the desired endpoint and a Primary Key that is unique to a user (e.g. employeeIdentifier). Note: When multiple endpoints are configured, this attribute must hold the same value in all the endpoints.
- In the Attribute Mapping field, select the attribute from the LDAP Attribute Name drop-down menu and map it with the respective column in SAP SuccessFactors.
- If you would like to create a new custom format for this, click Add New Format.
- Click Save.
- Configure an automation with the required action, repeat frequency and the above configured attribute mapping configuration.
Note:
Note:
Outbound webhook configuration
Outbound webhook enables you to update the changes made in AD using ADManager Plus to SAP SuccessFactors and synchronize them with AD. To configure an outbound webhook for SAP SuccessFactors:
- Under Outbound Webhook, click SAP SuccessFactors Webhook Configuration.
- Click + Add Webhook.
- Enter a name and description for this webhook.
- Decide on the action that has to be performed and refer to SAP SuccessFactors's API references for the API details, such as URL, and the headers, parameters, and other requirements that will be needed.
- Select the HTTP method that will enable you to perform the desired action on the endpoint from the drop-down menu.
- Enter the endpoint URL.
- Configure the Headers, Parameters, and Message Type in the appropriate format based on the API call that you would like to perform.
- Click Test and Save.
- A pop-up window will then display a list of AD users and groups to test the configured API call. Select the desired user or group over which this API request has to be tested and click OK. This will make a real time call to the endpoint URL and the selected objects' will be modified as per the configuration.
- The webhook response and request details will then be displayed. Verify them for the expected API behaviour and click Save.
- The configured webhooks can be integrated into Orchestration Templates—enabling scheduled or event-driven automation—to consecutively perform the action configured in the outbound webhook among of actions on a group of users or on individual users. Note: Use macros to send the data of the object on which the webhook is executed.
Actions supported
Upon integration, administrators can configure automations to carry out desired tasks. These automations can be monitored and controlled by implementing multi-level business workflows, which ensure that they are reviewed and approved before execution. The following actions can be automated:
- Create user accounts
- Modify user attributes
- Modify user accounts by Template
- Reset passwords
- Unlock user accounts
- Enable user accounts
- Disable user accounts
- Delete user accounts
- Run custom scripts
- Move users across groups
- Add users to groups
- Remove users from groups
- Create mailbox
- Disable or delete mailbox
- Move Home Folder
- Delete Home Folder
- Revoke Microsoft 365 licenses
- Manage users' photos
- Disable Lync accounts
- Configure auto reply settings