In this blog post of Part 1 you will learn about setting up SAP Success Factor Work Zone with your SAP Success Factor tenant pre-requisites steps.
SAP SuccessFactors Work Zone is a solution available through SAP SuccessFactors and offers a prepackaged experience specifically to address the needs of HR organizations based on SAP Work Zone. The SAP SuccessFactors Work Zone solution is a superset of SAP Work Zone plus additional functionality such as workflow and mobile services.
SAP SuccessFactors Work Zone offers the following extended capabilities:
-
UI integration cards
Preconfigured cards that provide direct integration into SAP SuccessFactors application to surface relevant employee-centric information and support a deep link into the SAP SuccessFactors HXM Suite in one click. You can use integration cards to display information from SAP SuccessFactors applications on a unified page, such as employee profile, organization chart, and time off balance.
-
Guided experiences
Workflow-based cards that help you go through otherwise complex process that could span multiple different systems. You can use guided experiences to perform some tasks, such as giving a spot award to recognize your colleague, or develop a return-to-workplace plan after COVID-19.
-
Workspace templates
Configurable templates for a variety of purposes including a variety of pre-defined cards. You can use these templates to create workspaces conveniently.
Part 1 : Configuration Pre-Requisites for Steps Of SAP Success Factor Work Zone Setup –
- Subscribe to SAP SuccessFactors Work Zone
- Configure Trust Between SAP Cloud Identity – Identity Authentication and SAP BTP, Cloud Foundry Environment
- Create Groups in the Identity Authentication Service and Assign Users
- Create a Role Collection for Accessing XSUAA
- Map Identity Authentication Groups to a Role Collection
- Create Service Key & Service Instance for SAP Success Factors Work in your SAP BTP Subaccount
- Connect your Subaccount to IPS
Part 2: Configuration Pre-Requisites before running Work Zone Configurator-
There are two ways to do the Pre-Requisites of Work Zone Configuration as mentioned below –
- Create a new tenant.
- Create a tenant based on an existing SAP Jam tenant.
Here we will go with Option 1 for doing the Pre-Requisites for Work Zone Configurator.
Below are the required steps involved while going with Option 1 i.e. Create a New tenant –
- Create a Destination to SAP SuccessFactors.
- Set up Environment.
- Configure IAS and IPS service for Source & Target System.
Part 1 Setup Process Initialized :
- Subscribe to SAP SuccessFactors Work Zone –
In SAP BTP cockpit, go to the Instances and Subscriptions screen of your subaccount, click Create, and add a subscription to the SAP SuccessFactors Work Zone service.
- Configure Trust Between SAP Cloud Identity – Identity Authentication and SAP BTP, Cloud Foundry Environment
- In the SAP BTP cockpit, go to
2. Choose the option that is applicable to you:
- Subaccounts running on Feature Set A: Set all active trust configurations to inactive, including the default trust configuration to SAP ID Service.
- Subaccounts running on Feature Set B: You can’t deactivate the default identity provider. Instead, edit this entry and disable the options Available for User Logon and Create Shadow Users During Logon.
In our case Subaccounts running of Feature Set B so disable the option Available for User Logon and Create Shadow Users During Logon i.e. uncheck the boxes.
3. Exchange the metadata files between SAP BTP and the Identity Authentication service as described below :
- Login to the IAS admin console & navigate to Application and Resources —>Tenant Settings—>SAML 2.0 configuration to download the metadata of your IAS tenant by clicking on Download Metadata File.
- Now Login to your SAP Success Factor Work Zone BTP Subaccount & navigate to Security —>Trust Configuration to add New Trust Configuration.
- Choose New Trust Configuration & click on Upload to upload the metadata file downloaded in above step.
- Click on Save.
- In the cockpit, download the service provider SAML metadata file. Open the link https://<subaccount_subdomain>.authentication.<region_host>/saml/metadata
<subdomain> is part of the subaccount details in the cockpit.
<region_host> is the API endpoint without api.cf..
- When you are prompted, save the XML file on your local file system. This file contains the SAML 2.0 metadata describing SAP BTP as a service provider.
- Now in IAS Applications & Resources –> Applications
- Configure the SAML 2.0 trust with the subaccount as a service provider. To do so, proceed as follows:
4. In the Identity Authentication service, go to +Add to add a new application from type SAP BTP Solution.
, and click5. Open the SAML 2.0 Configuration editor of the application you’ve created, and paste the service provider metadata file that you’ve downloaded from the configurator.(Screenshot below). Save your changes.
6. Open the Subject Name Identifier editor of the application, and change the basic configuration attribute from User ID to User UUID & Save.
7. Click Assertion Attributes.
-
- Click +Add.
- Add the user attribute Groups from the list.
- In the Assertion Attribute column, change the value groups to Groups (must start with an upper case letter), and save.
- Add another Assertion Attributes
- Click +Add.
- Add the user attribute User UUID with the value user_uuid.
8 .Click Default Attributes.
- Click +Add.
- Add a new attribute Groups (must start with an upper case letter) with the value Workzone_User_Type_${type}.
- Add another Default Attributes
- Click +Add
- Add a new attribute sfsf_userid with the value ${customAttribute}
- Create Groups in the Identity Authentication Service and Assign Users
- Login to your IAS Admin console.
- Click on Users and Authorization —> User Groups
- Choose the User Groups tile.
- Click + Add to add the following groups:
- Workzone_Admin
- Workzone_Area_Admin
- Workzone_Support_Admin
- Workzone_Page_Content_Admin
- Workzone_End_User
- Workzone_User_Type_public
5. Choose the User Management tile.
6. Assign yourself to the Workzone_Admin group.
- Create a Role Collection for Accessing XSUAA
In this step, you’ll create a role collection for accessing XSUAA, which is required for setting a trust.
- In the SAP BTP cockpit of your subaccount, go to .
- Click New Role Collection.
- Specify a name such as XSUAA_Access_RoleCollection, and click Save.
- Edit the new role collection, and in the Roles section, select the role name XSUAA_Access from the list.
- Click Save.
- Map Identity Authentication Groups to a Role Collection
- In the SAP BTP cockpit, go to .
- Click the Active trust configuration link.
- Go to the Role Collection Mappings screen.
- Add a new role collection mapping. In the dialog that opens, select a role collection and assign it to an Identity Authentication group In the Attribute field enter Groups :
- Create Service Key & Service Instance for SAP Success Factors Work in your SAP BTP Subaccount
Navigate to instance & Subscriptions , click on Create to create Service Key & Service Instance.
- Connect your Subaccount to IPS
SAP SuccessFactors Work Zone uses the Identity Authentication service as the user management system, and the Identity Provisioning service as the user provisioning system.
To be able to use Identity Provisioning for user and user group provisioning, complete the following procedure:
- In the SAP BTP cockpit, , open the Subscriptions tab.
- Click the SAP SuccessFactors Work Zone entry, and then select Go to Application. next to the
- In the Work Zone Manager, open the Settings screen from the left-side menu.
- Go to the Identity Provisioning tab, and click the Connect button.
- If your subaccount is not yet connected to the Identity Provisioning service, a new tenant will be created for your subaccount, and it will include the SAP SuccessFactors Work Zone connectors. In addition, a connection will be created between the Identity Authentication service and the Identity Provisioning service.
- If your subaccount already has an Identity Provisioning tenant connected to the Identity Authentication service, clicking Connect will expand the scope of the tenant to include the SAP SuccessFactors Work Zone connectors.
In case of not getting connection kindly raise an OSS to SAP to connect it under component “EP-CPP-CF-IPS”.
CONCLUSION –
This blog post provide steps to Configuration Pre-Requisites for Steps Of SAP Success Factor Work Zone Setup.
We have used these steps to configure our SAP Success Factor Work Zone with SAP Success Factor Sales4Demo Instance.
Dear Readers please provide your valuable feedback on this post in the comment section , as this will help me to improve upon my future posts.
Once Work Zone Configurator steps are done you will be ready to use your SAP Success Factor Work Product.
So Stay tuned !!!!!
Below is the link for Part 2 of 2 –
REFERENCE LINKS
https://help.sap.com/docs/WZ/b03c84105ff74f809631e494bd612e83/96b51b1aaf8349b5a053c56ec6d6fe19.html
I HAVE COME TO THE END OF THIS POST. HOPE THIS BLOG POST WILL BE BENEFICIAL FOR YOU.