Skip to Content

Extend SAP SuccessFactors on SAP BTP, Cloud Foundry Environment

Extend SAP SuccessFactors with the task management sample application for SAP SuccessFactors solutions running on SAP BTP, Cloud Foundry environment using automated integration configuration.
You will learn
  • How to extend the functionality of your SAP SuccessFactors system to manage different HR tasks
  • How to integrate an SAP SuccessFactors system to a global account in SAP BTP using automated configurations
  • How to adjust the single sign-on between the subaccount in SAP BTP and the SAP SuccessFactors system using a SAML identity provider to ensure the required security for accessing the extension application
ekaterina-mitovaEkaterina MitovaOctober 12, 2022
Created by
ekaterina-mitova
August 31, 2021
Contributors
ekaterina-mitova

Prerequisites

You can extend the functionality of your SAP SuccessFactors system with an extension application deployed in a subaccount in SAP Business Technology Platform (SAP BTP) and at the same time fully integrated in your SAP SuccessFactors system.

In this tutorial, you use the task management sample application for SAP SuccessFactors solutions is to learn some best practices when building SAP SuccessFactors extension applications on SAP BTP. We recommend to use this sample application only as a proof of concept and a starting point for implementing extensions.

Using this application, you can:

  • Manage different tasks related to human resources (HR), and send them for approval to your colleagues
  • Move the employees in your company from one job title to another.
  • Approve the transfer of employees between positions and departments.
  • Hire new colleagues.

The following diagram shows the technical components that take part in this scenario.

Architecture Diagram

  • Step 1

    To do that, you must register your SAP SuccessFactors system in your global account in SAP BTP. During this process, an integration token is created and then used by the SAP SuccessFactors system tenant administrator to configure the integration on the SAP SuccessFactors system side.

    1. In the SAP BTP cockpit, navigate to your global account, and then choose System Landscape.

    2. In the Systems tab, choose Add System.

      In the <strong>Systems</strong> panel, choose <strong>Add System</strong>.
    3. In the Add System dialog box:

      • Enter a name for the system you want to register.

        Use only printable ASCII characters.

        Enter a name for the system you want to register.
      • In the Type dropdown list, select the system type.

        In the <strong>Type</strong> dropdown list, select the system type.
      • Choose Add.

        SAP BTP generates an integration token that the tenant administrator of the extended SAP SuccessFactors system uses on the respective SAP SuccessFactors system side when configuring the integration between your SAP SuccessFactors system and the global account in SAP BTP.

    4. To get a token to register this system with global account, choose Get Token. You need it for configuring the integration on the extended SAP SuccessFactors system side.

    5. Copy the registration token and close the dialog box.

    The SAP SuccessFactors system appears in the list of added systems. Its status is Pending because the registration process is not yet completed.

  • Step 2
    1. In SAP SuccessFactors Admin Center, navigate to Extension Center.

    If you do not have permissions to access the Extension Center for the corresponding SAP SuccessFactors system, you need to send the integration token to a user with such permissions who will configure the integration on the SAP SuccessFactors system side.

    1. On the Extensions on SAP BTP tab page, navigate to the Add Integration with SAP BTP screen area, and paste the integration token in the Integration Token input field.

      In the <strong>Integration Token</strong> input field, paste the integration token.
    2. Choose Add.

    The system appears in the integration list in the Multi-Cloud Environment screen area, and the status of the integration is displayed in the Integration Status column. To refresh the status of the process, choose the Check Status icon. Wait for the integration to finish.

    1. In the SAP BTP cockpit, check the status of the registration process. To do so, navigate to your global account, and on the System Landscape page, check if the status of the SAP system has changed to Registered.

    If you are already on the System Landscape page, refresh the page to check if the status has changed.

    You can register a system only once with the same name per global account.

    Check if the status of the SAP System has changed to <strong>Registered</strong>.
  • Step 3

    You need to configure the entitlements for the subaccount where the task management sample application for SAP SuccessFactors solutions will be deployed and assign the api-access and the sso-configuration service plans for the SAP SuccessFactors Extensibility service instance to the system you registered in the previous step.

    1. In the SAP BTP cockpit, navigate to your global account.

    2. In the navigation area, choose Entitlements > Entity Assignments.

    3. Select your subaccount from the Select Entities: drop down menu, and then choose Go.

      Select your subaccount from the <strong>Select Entities:</strong> drop down menu, and then choose <strong>Go</strong>.
    4. Choose Configure Entitlements.

      Choose <strong>Configure Entitlements</strong>.
    5. Choose Add Service Plans, and then select the SAP SuccessFactors Extensibility service.

      Choose <strong>Add Service Plans</strong>, and then select the <strong>SAP SuccessFactors Extensibility</strong> service.
    6. In the Available Service Plans area, select the system you have registered. Then, select api-access and sso-configuration service plans, and choose Add 2 Service Plans.

    7. Save the changes.

  • Step 4
    1. Make sure you are logged on to SAP BTP cockpit as a Cloud Foundry administrator.

    2. In your trial global account, choose Entitlements > Entity Assignments.

    3. If there is no entry for the Cloud Foundry runtime, choose Configure Entitlements, and then Add Service Plans.

    4. In the popup, proceed as follows:

      • Choose Cloud Foundry Runtime.

      • Under Available Service Plans, select the MEMORY checkbox.

      • Choose Add 1 Service Plan.

      Choose <strong>Cloud Foundry Runtime</strong>, select the <strong>MEMORY</strong> service plan and then choose <strong>Add 1 Service Plan</strong>.
    5. On the Entity Assignments screen, choose + on the Cloud Foundry Runtime service row to add at least 1 quota to the subaccount, and then choose Save.

  • Step 5
    1. Clone the GitHub repository:

      Git
      Copy
      git clone https://github.com/SAP/task-management-sample-app-sfsf-solutions
      
    2. Configure the details of the SAP SuccessFactors system to which you will connect.

      To do so, in the root of the project locate the sap-successfactors-extensibility.json file and replace the value of the systemName parameter with the system name of the system you registered in StepĀ 1.

    3. In the root of the project locate the vars.yml file and replace the values of the following parameters:

      • ID. Enter your user in SAP BTP. It is either an S-user, a P-user, or a trial user.

      • REGION_HOST. Enter eu10.hana.ondemand.com. To check the <region_host>, go to the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section, and remove the https://api.cf.

    4. Open a console and navigate to the root folder of the project that is created on you local file system after cloning the GitHub repository.

      cd <root folder of the project>

    5. Build the application. To do so, use the following command:

      mvn clean install

  • Step 6

    To connect the task management sample application for SAP SuccessFactors solutions to your SAP SuccessFactors company, you use a destination. For that, you first need to create a Destination service instance using the lite service plan.

  • Step 7

    To consume the SAP SuccessFactors APIs, you create an SAP SuccessFactors Extensibility service instance using the api-access service plan.

    During the service instance creation, an HTTP destination on a subaccount level is automatically generated in this subaccount. You use this destination to establish connection to your SAP SuccessFactors system.

  • Step 8

    To configure the authentication for the task management sample application for SAP SuccessFactors solutions, you create an Authorization and Trust management service instance with application service plan.

  • Step 9

    You have to use Cloud Foundry Command Line Interface (cf CLI) to deploy and run the task management sample application for SAP SuccessFactors solutions.

    1. Open a console and navigate to the root folder of the project in local file system.

      cd <root folder of the project>

    2. Log on to the cf CLI, using this command:

      Git
      Copy
      cf login -a https://api.cf.eu10.hana.ondemand.com
      

      The value https://api.cf.eu10.hana.ondemand.com represents the <api_endpoint>. To check it, go to the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section. See Log On to the Cloud Foundry Environment Using the Cloud Foundry Command Line Interface.

    3. Navigate to your Org by typing in the console the number that corresponds to your Org in the list with Orgs that is displayed after you log on to cf CLI.

    4. If you have more than one space, navigate to your space, by typing in the console the number that corresponds to your space in the list with spaces.

      If you have only one space, you will be redirected to it right after you specify your Org.

    5. In the cf CLI push the vars.yml file using this command:

      cf push --vars-file vars.yml

  • Step 10

    To ensure the required security for accessing the applications, you need to configure the single sign-on between the subaccount in SAP BTP and the SAP SuccessFactors system using a SAML identity provider. The single sign-on requires both solutions to be configured as trusted SAML service providers for the identity provider, and at the same time, the identity provider to be configured as trusted identity provider for the two solutions.

    1. Download SAML metadata from the SAP SuccessFactors system.

      • Go to https://<sap_successfactors_system>/idp/samlmetadata?company=<company_id>&cert=sha2 where:

        • <sap_successfactors_system> is the hostname of your SAP SuccessFactors system

        • <company_id> is the ID of your SAP SuccessFactors company

      • When you are prompted, save the file on your local file system and change its extension to .xml.

    2. Register the SAP SuccessFactors identity provider in the SAP BTP cockpit.

      • Open the cockpit and navigate to your subaccount.

      • Choose Security > Trust Configuration.

      • Choose New Trust Configuration.

        Navigate to your subaccount, choose <strong>Security</strong> > <strong>Trust Configuration</strong> and then, choose <strong>New Trust Configuration</strong>.
      • To upload the SAML metadata you downloaded in step 1, choose Upload. Browse to the XML file you saved and select it. Some of the fields are automatically filled in.

        To upload the SAML metadata you downloaded in step 1, choose <strong>Upload</strong>.
      • In the Name field, enter a meaningful name for the trust configuration.

      • Save the changes.

    3. Make the trust configuration to the SAP SuccessFactors identity provider the only configuration that is available for user logon. To do that, edit all other configurations and unselect the Available for User Logon checkbox. Save the change.

      Trust configuration the only configuration that is available for user logon

    See Establish Trust Between SAP SuccessFactors and SAP BTP.

  • Step 11

    To configure the subaccount as a trusted service provider in SAP SuccessFactors, you have to create an SAP SuccessFactors Extensibility service instance using the sso-configuration service plan.

    1. In the SAP BTP cockpit, navigate to the subaccount in which you want to configure as a trusted service provider in SAP SuccessFactors.

    2. In the navigation area, choose Services > Service Marketplace, and on the Service Marketplace screen, search for the SAP SuccessFactors Extensibility service.

    3. In the SAP SuccessFactors Extensibility page, choose Create.

    4. In the New Instance or Subscription wizard:

    • In the Service dropdown list, ensure you have selected the SAP SuccessFactors Extensibility service.
    • In the Plan dropdown list, select the sso-configuration service plan.
    • In the Runtime Environment dropdown list, select Other.
    • In the Instance Name field, enter a name for your instance, for example sso-to-successfactors. Choose Next.
    • To configure the assertion consumer service of the subaccount, specify the system name in the JSON file:
      {"systemName": "my-sap-successfactors-system"}

      For more information about the structure of the JSON file, see Single Sign-On Configuration JSON File.

    • Choose Next.

    • Choose Create.

    You have an assertion consumer service for the subaccount created in SAP SuccessFactors and have the SSO between your subaccount in SAP BTP and your SAP SuccessFactors system.

    See Configure the Subaccount as a Trusted Service Provider in SAP SuccessFactors.

  • Step 12
    1. In the SAP BTP cockpit, navigate to your subaccount and then to your space.

      Choose Applications, and then choose the approuter-task-management link to go to the Overview page of the application.

    2. On the approuter-task-management - Overview page, choose the URL in the Application Routes screen area to open the application in your browser.

    To finish the tutorial, copy the application URL you just opened and paste it in the validation box below:

    Copy the URL in the Application Routes screen area and paste it here. Make sure to skip the "https://" prefix.

Back to top