Integrate SAP SuccessFactors Employee Central with Okta
If this is the first time you have integrated SAP SuccessFactors Employee Central with Okta, you should review Get started with SAP SuccessFactors Employee Central integration.
- Add the SAP SuccessFactors Employee Central appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. to Okta if it has not been added previously:
- On the OktaAdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console, click Applications.
- Click Add Application.
- In the Search for an application field, enter success.
- Select Add for SuccessFactors
- In the General Settings page, enter your company ID in the Company ID field. You can get this value from your sign in URL. For example, https://acme.successfactors.com/login?company=ACME123456789.
- Complete the remaining fields and click Next.
- In the Sign On Methods section of the Sign-On Options pane, select a sign on option. If you select SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. 2.0, click View Setup Instructions and follow the instructions.
- Click Done.
- If you added the SAP SuccessFactors Employee Central app previously, on the OktaAdmin Console click Applications and select SuccessFactors in the list of applications.
- Click the ProvisioningProvisioning is the enterprise-wide configuration, deployment, and management of multiple types of IT system resources. Specifically, provisioning provides users access to equipment, software, or services. This involves creating, maintaining and deactivating required business process automation objects and attributes in systems, directories, and applications. tab, click Configure API Integration, and select the Enable API Integration check box.
- Complete these fields:
Base URL for Web Service: Enter the API base URL. This is not your sign in URL. See Successfactors API URLs for different Data Centers.
Admin Username: Enter the SAP SuccessFactors Employee Central administrator user name.
Admin Password: Enter the SAP SuccessFactors Employee Central administrator password.
Pre-Start Interval: Optional. Enter the number of days before their start date an employee should be considered active.
Post-Termination Interval: Optional. Enter the number of days after termination an employee should be considered active.
Import Contingent Workers: Optional. Select this option to import contingent workers and full time employees.
Import GroupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.: Optional. Select this option to import groups.
Optional. Click Test API Credentials to test the API integration.
- Click Save.
- Optional. Change the Okta to SAP SuccessFactors Employee Central provisioning settings:
- Click the Provisioning tab and select To App in the SETTINGS list.
- Select the Enable check box for Update User Attributes to update a user's attributes in SAP SuccessFactors Employee Central when the app is assigned.
If you cannot select the Enable check box, contact Okta support and ask to have the functionality enabled.
- Click Save.
- Optional. Change the SAP SuccessFactors Employee Central to Okta provisioning settings:
- Select To Okta in the SETTINGS list.
- Click Edit in the General, User Creation & Matching, or Profile & Lifecycle Mastering sections and edit the fields.
The default for Okta user names is email-formatted. SAP SuccessFactors Employee Central does not have a specific user name format requirement and this default format is automatically applied:
appuser.person___logon_user_name + "@" + orgThe Okta container that represents a real-world organization..subdomain + ".com"
- Click Save.
- Optional. Assign users to the SAP SuccessFactors Employee Central app. See Assign and unassign apps to users.