GRC Integration with SuccessFactors EC Using IAG Bridge Concept
The below steps will provide the insight on how GRC AC will integrate with IAG and SAP SF EC for user creation and provisioning.
Overview
1. Setup SuccessFactors System for IAG Provisioning
I. The SF system needs to be setup and enabled for Oauth2 through “Manage Oauth2 Client Application”
– Go the Link click on Register Client Application
II. Once you click on Register in new box please provide below details
Company = SF Compony ID
Application Name: The IAG system you want to Connect (This should be defined Individually more like an RFC name for IAG)
Description = Put Description
Application URL = URL for IAG BTP
Bind to User = Should be Checked
User IDs= User ID created in SF for connection
III. Click on “Generate X.509 Certificate
IV. There will be a new Pop-Up Screen Only field you need to Maintain there is
Common Name (CN)= OAuth
V. Click Generate, then Download a copy of the X.509 certificate on your machine.
Open the certificate file using notepad (or any such app). The X.509 certificate has 2 parts – the private key and the certificate. We shall copy and paste the characters between —–BEGIN ENCRYPTED PRIVATE KEY—– and —–END ENCRYPTED PRIVATE KEY—– in the next step
Click Register.
VI. Go into the OAuth application now and take note of the API secret key.
2. Create Connection between SuccessFactors and IAG System:
I. Create Destination
Login to SAP BTP of IAG and create Destination with properties.
II. Find out API key and Private Key from SuccessFactors:
We need to configure the SF EC system to able to communicate through API. This Setup should be done through “Manage Oauth2 Client Application” as explained above
Name =SuccessFactorsEC
Type =HTTP
DescriptionURL= Enter the URL for the SuccessFactors system API Service such as <https://apisuccessfactors.com/>
Proxy Type InternetAuthentication= BasicAuthentication (Select BasicAuthentication for the OAuth option.)
For seeting up OAuth, refer to Authentication Using OAuth 2.0.User*= (Enter the authenticated user for SuccessFactors system followed by Company ID such as) <UserID@CompanyID>
APIKey =To obtain these property values, refer to Manage OAuth2 Client Applications in SuccessFactors Admin Center.Private Key=This is the Private Key in SAP SF Manage Oauth2 Client Application
Password =Enter any characters to save the entries
**Use default JDK truststore checkbox is checked**
3. Run the repository Sync Job from IAG to SF
Make sure the Job brings Roles and user from SF system to IAG, review these in IAG Tiles “Access Maintenance” and “Maintain User Data”
4. Add SF system in GRC AC
I. SPRO –> Governance, Risk and Compliance –> Common Component Settings –> Integration Framework –> Maintain Connectors and Connection Types
a. Add Connector
b. Define Connector Group
c. Assign Connectors to Connector Groups
II. SPRO –> Governance, Risk and Compliance –> Common Component Settings –> Integration Framework –> Maintain Connection Settings
Add for all 5 scenarios (Scenario-Connector Link)
III. SPRO –> Governance, Risk and Compliance –>Access Control –> Maintain Connector Settings (Maintain Connector Setting)
IV. SPRO –> Governance, Risk and Compliance –>Access Control –> Maintain Mapping for Actions and Connector Groups
Assign default connector to connector group
5. Run the Repository Sync in GRC AC
This needs to be scheduled in IAG Job SCheduler as per desired time.
Please refer below Note 2215682 to for more information on SF setup which is required.
