Skip to Content

Extend SAP SuccessFactors on SAP BTP, Cloud Foundry Environment

test
0 %
Extend SAP SuccessFactors on SAP BTP, Cloud Foundry Environment
Details

Extend SAP SuccessFactors on SAP BTP, Cloud Foundry Environment

August 31, 2021
Created by
August 31, 2021
Extend SAP SuccessFactors with the task management sample application for SAP SuccessFactors solutions running on SAP BTP, Cloud Foundry environment using automated integration configuration.

You will learn

  • How to extend the functionality of your SAP SuccessFactors system to manage different HR tasks
  • How to integrate an SAP SuccessFactors system to a global account in SAP BTP using automated configurations
  • How to adjust the single sign-on between the subaccount in SAP BTP and the SAP SuccessFactors system using a SAML identity provider to ensure the required security for accessing the extension application
QR code

Prerequisites

  • Tools:
  • On SAP BTP side:
    • You have either an enterprise or a trial global account in SAP BTP.
    • You have an S-user or P-user (if you are using an enterprise global account), and a trial user (if you are using a trial account). See User and Member Management.
    • You are an administrator of the global account where you want to register your SAP SuccessFactors system.
    • You have enabled the Cloud Foundry capabilities for your subaccount in SAP BTP.
  • On SAP SuccessFactors side:
    • You have a dedicated SAP SuccessFactors company instance.
    • To configure the integration on the SAP SuccessFactors system side, you need a user with permissions to access SAP SuccessFactors Provisioning.

You can extend the functionality of your SAP SuccessFactors system with an extension application deployed in a subaccount in SAP Business Technology Platform (SAP BTP) and at the same time fully integrated in your SAP SuccessFactors system.

In this tutorial, you use the task management sample application for SAP SuccessFactors solutions is to learn some best practices when building SAP SuccessFactors extension applications on SAP BTP. We recommend to use this sample application only as a proof of concept and a starting point for implementing extensions.

Using this application, you can:

  • Manage different tasks related to human resources (HR), and send them for approval to your colleagues
  • Move the employees in your company from one job title to another.
  • Approve the transfer of employees between positions and departments.
  • Hire new colleagues.

The following diagram shows the technical components that take part in this scenario.

Architecture Diagram


Step 1: Connect SAP SuccessFactors to SAP BTP

To do that, you must register your SAP SuccessFactors system in your global account in SAP BTP. During this process, an integration token is created and then used by the SAP SuccessFactors system tenant administrator to configure the integration on the SAP SuccessFactors system side.

  1. In the SAP BTP cockpit, navigate to your global account, and then choose System Landscape > Systems.

  2. In the Systems panel, choose Register System.

    In the <strong>Systems</strong> panel, choose <strong>Register System</strong>.
  3. In the Register System dialog box:

    • Enter a name for the system you want to register.

      Use only printable ASCII characters.

      Enter a name for the system you want to register.
    • In the Type dropdown list, select the system type.

      In the <strong>Type</strong> dropdown list, select the system type.
    • Choose Register.

      SAP BTP generates an integration token that the tenant administrator of the extended SAP SuccessFactors system uses on the respective SAP SuccessFactors system side when configuring the integration between your SAP SuccessFactors system and the global account in SAP BTP.

  4. Copy the integration token. You need it for configuring the integration on the extended SAP SuccessFactors system side.

  5. Close the dialog box.

The SAP SuccessFactors system appears in the list of registered systems. Its status is Pending because the registration process is not yet completed.

Log on to answer question
Step 2: Trigger registration in SAP SuccessFactors company
  1. Open SAP SuccessFactors Provisioning.

  2. In the List of Companies, choose your SAP SuccessFactors company.

  3. In the Edit Company Settings section, choose Extension Management Configuration.

  4. In the Integration Token input field, paste the integration token.

    In the <strong>Integration Token</strong> input field, paste the integration token.
  5. Choose Add.

    Wait for the integration to finish. You can check the status of the process with the Check Status button next to your system name.

  6. In the SAP BTP cockpit, check the status of the registration process. To do so, navigate to your global account, and on the Systems page, check if the status of the SAP system has changed to Registered.

If you are already on the Systems page, refresh the page to check if the status has changed.

You can register a system only once with the same name per global account.

Check if the status of the SAP System has changed to <strong>Registered</strong>.
Log on to answer question
Step 3: Make SAP SuccessFactors accessible in your subaccount

You need to configure the entitlements for the subaccount where the task management sample application for SAP SuccessFactors solutions will be deployed and assign the api-access service plan for the SAP SuccessFactors Extensibility service instance to the system you registered in the previous step.

  1. In the SAP BTP cockpit, navigate to your global account.

  2. In the navigation area, choose Entitlements > Entity Assignments.

  3. Select your subaccount from the Select Entities: drop down menu, and then choose Go.

    Select your subaccount from the <strong>Select Entities:</strong> drop down menu, and then choose <strong>Go</strong>.
  4. Choose Configure Entitlements.

    Choose <strong>Configure Entitlements</strong>.
  5. Choose Add Service Plans, and then select the SAP SuccessFactors Extensibility service.

    Choose <strong>Add Service Plans</strong>, and then select the <strong>SAP SuccessFactors Extensibility</strong> service.
  6. In the Available Service Plans area, select the system you have registered and the api-access service plan, and then choose Add Service Plan.

  7. Save the changes.

    Select the system you have registered and the <strong>api-access</strong> service plan, and then choose <strong>Add Service Plan</strong>.
Log on to answer question
Step 4: Configure entitlements for SAP BTP, Cloud Foundry runtime
  1. Make sure you are logged on to SAP BTP cockpit as a Cloud Foundry administrator.

  2. In your trial global account, choose Entitlements > Entity Assignments.

  3. If there is no entry for the Cloud Foundry runtime, choose Configure Entitlements, and then Add Service Plans.

  4. In the popup, proceed as follows:

    • Choose Cloud Foundry Runtime.

    • Under Available Service Plans, select the MEMORY checkbox.

    • Choose Add 1 Service Plan.

    Choose <strong>Cloud Foundry Runtime</strong>, select the <strong>MEMORY</strong> service plan and then choose <strong>Add 1 Service Plan</strong>.
  5. On the Entity Assignments screen, choose + on the Cloud Foundry Runtime service row to add at least 1 quota to the subaccount, and then choose Save.

Log on to answer question
Step 5: Clone extension application from GitHub
  1. Clone the GitHub repository:

    git clone https://github.com/SAP/task-management-sample-app-sfsf-solutions
    
  2. Configure the details of the SAP SuccessFactors system to which you will connect.

    To do so, in the root of the project locate the sap-successfactors-extensibility.json file and replace the value of the systemName parameter with the system name of the system you registered in Step 1.

  3. In the root of the project locate the vars.yml file and replace the values of the following parameters:

    • ID. Enter your user in SAP BTP. It is either an S-user, a P-user, or a trial user.

    • REGION_HOST. Enter eu10.hana.ondemand.com. To check the <region_host>, go to the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section, and remove the https://api.cf.

  4. Open a console and navigate to the root folder of the project that is created on you local file system after cloning the GitHub repository.

    cd <root folder of the project>

  5. Build the application. To do so, use the following command:

    mvn clean install

Log on to answer question
Step 6: Create Destination service instance

To connect the task management sample application for SAP SuccessFactors solutions to your SAP SuccessFactors company, you use a destination. For that, you first need to create a Destination service instance using the lite service plan.

  1. In the cockpit, navigate to your subaccount, choose Services > Service Marketplace, and on the Service Marketplace screen, search for the Destination service.

  2. From the Destination service tile, choose Create and follow the steps in the wizard to create the instance.

    From the <strong>Destination</strong> service tile, choose <strong>Create</strong>.
  3. On the Basic Info step:

    • Make sure to select the lite service plan.

    • In the Runtime Environment field, choose Cloud Foundry.

    • In the Space field, select the space you are working with.

    • In the Instance Name field, enter destination.

  4. On the Parameters step, leave the JSON field empty.

  5. Choose Create.

    Fill in the fields and choose <strong>Create</strong>.
  1. Log on to the cf CLI, using this command:

    cf login -a https://api.cf.eu10.hana.ondemand.com
    

    The string https://api.cf.eu10.hana.ondemand.com represents the <api_endpoint>. To check it, open the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section.

  2. Navigate to your Org by typing in the console the number that corresponds to your Org in the list with Orgs that is displayed after you log on to cf CLI.

  3. If you have more than one space, navigate to your space, by typing in the console the number that corresponds to your space in the list with spaces.

    If you have only one space, you will be redirected to it right after you specify your Org.

  4. Create the Destination service instance, use this command:

    cf create-service destination lite destination

Log on to answer question
Step 7: Create SAP SuccessFactors Extensibility service instance

To consume the SAP SuccessFactors APIs, you create an SAP SuccessFactors Extensibility service instance using the api-access service plan.

During the service instance creation, an HTTP destination on a subaccount level is automatically generated in this subaccount. You use this destination to establish connection to your SAP SuccessFactors system.

  1. In the cockpit, navigate to your subaccount, choose Services > Service Marketplace, and on the Service Marketplace screen, search for the SAP SuccessFactors Extensibility service.

  2. From the SAP SuccessFactors Extensibility service tile, choose Create and follow the steps in the wizard to create the service instance.

    From the <strong>SAP SuccessFactors Extensibility</strong> service tile, choose <strong>Create</strong>.
  3. On the Basic Info step:

    • Make sure to select the api-access service plan.

    • In the Runtime Environment field, choose Cloud Foundry.

    • In the Space field, select the space you are working with.

    • In the System Name field, select your registered SAP SuccessFactors system.

    • In the Instance Name field, enter sap-successfactors-extensibility.

    Select the <strong>api-access</strong> service plan and enter <strong><code>sap-successfactors-extensibility</code></strong> in the <strong>Instance Name</strong> field.
  4. On the Parameters step, the JSON file is preconfigured. Choose Next.

    The <code>sap-successfactors-extensibility.json</code> file is preconfigured.
  5. Choose Create.

  1. Log on to the cf CLI, using this command:

    cf login -a https://api.cf.eu10.hana.ondemand.com
    

    The string https://api.cf.eu10.hana.ondemand.com is the <api_endpoint>. To check it, open the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section.

  2. Navigate to your Org by typing in the console the number that corresponds to your Org in the list with Orgs that is displayed after you log on to cf CLI.

  3. If you have more than one space, navigate to your space, by typing in the console the number that corresponds to your space in the list with spaces.

    If you have only one space, you will be redirected to it right after you specify your Org.

  4. Create the SAP SuccessFactors Extensibility service instance, use this command:

    cf create-service sap-successfactors-extensibility api-access sap-successfactors-extensibility -c sap-successfactors-extensibility.json

Log on to answer question
Step 8: Create SAP Authorization & Trust Management service instance

To configure the authentication for the task management sample application for SAP SuccessFactors solutions, you create an Authorization and Trust management service instance with application service plan.

  1. In the cockpit, navigate to your subaccount, choose Services > Service Marketplace, and on the Service Marketplace screen, search for the Authorization & Trust Management service.

  2. From the Authorization & Trust Management service tile, choose Create and follow the steps in the wizard to create the service instance.

    From the <strong>Authorization & Trust Management</strong> service tile, choose <strong>Create</strong>.
  3. On the Basic Info step:

    • Make sure to select the application service plan.

    • In the Runtime Environment field, choose Cloud Foundry.

    • In the Space field, select the space you are working with.

    • In the Instance Name field, enter xsuaa.

    Select the <strong>application</strong> service plan and in the <strong>Instance Name</strong> field, enter <strong><code>xsuaa</code></strong>.
  4. On the Parameters step, upload the xsuaa.json file.

    On the <strong>Parameters</strong> step, upload the <code>xsuaa.json</code> file.
  5. Choose Create.

  1. Log on to the cf CLI, using this command:

    cf login -a https://api.cf.eu10.hana.ondemand.com
    

    The string https://api.cf.eu10.hana.ondemand.com represents the <api_endpoint>. To check it, open the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section.

  2. Navigate to your Org by typing in the console the number that corresponds to your Org in the list with Orgs that is displayed after you log on to cf CLI.

  3. If you have more than one space, navigate to your space, by typing in the console the number that corresponds to your space in the list with spaces.

    If you have only one space, you will be redirected to it right after you specify your Org.

  4. Create the Authorization & Trust Management service instance, use this command:

    cf create-service xsuaa application xsuaa -c xsuaa.json

Log on to answer question
Step 9: Deploy and run the extension application

You have to use Cloud Foundry Command Line Interface (cf CLI) to deploy and run the task management sample application for SAP SuccessFactors solutions.

  1. Log on to the cf CLI, using this command:

    cf login -a https://api.cf.eu10.hana.ondemand.com
    

    The value https://api.cf.eu10.hana.ondemand.com represents the <api_endpoint>. To check it, go to the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section. See Log On to the Cloud Foundry Environment Using the Cloud Foundry Command Line Interface.

  2. Navigate to your Org by typing in the console the number that corresponds to your Org in the list with Orgs that is displayed after you log on to cf CLI.

  3. If you have more than one space, navigate to your space, by typing in the console the number that corresponds to your space in the list with spaces.

    If you have only one space, you will be redirected to it right after you specify your Org.

  4. In the cf CLI push the vars.yml file using this command:

    cf push --vars-file vars.yml

Log on to answer question
Step 10: Establish trust between SAP SuccessFactors and SAP BTP

To ensure the required security for accessing the applications, you need to configure the single sign-on between the subaccount in SAP BTP and the SAP SuccessFactors system using a SAML identity provider. The single sign-on requires both solutions to be configured as trusted SAML service providers for the identity provider, and at the same time, the identity provider to be configured as trusted identity provider for the two solutions.

  1. Download SAML metadata from the SAP SuccessFactors system.

    • Go to https://<sap_successfactors_system>/idp/samlmetadata?company=<company_id>&cert=sha2 where:

      • <sap_successfactors_system> is the hostname of your SAP SuccessFactors system

      • <company_id> is the ID of your SAP SuccessFactors company

    • When you are prompted, save the file on your local file system and change its extension to .xml.

  2. Register the SAP SuccessFactors identity provider in the SAP BTP cockpit.

    • Open the cockpit and navigate to your subaccount.

    • Choose Security > Trust Configuration.

    • Choose New Trust Configuration.

      Navigate to your subaccount, choose <strong>Security</strong> > <strong>Trust Configuration</strong> and then, choose <strong>New Trust Configuration</strong>.
    • To upload the SAML metadata you downloaded in step 1, choose Upload. Browse to the XML file you saved and select it. Some of the fields are automatically filled in.

      To upload the SAML metadata you downloaded in step 1, choose <strong>Upload</strong>.
    • In the Name field, enter a meaningful name for the trust configuration.

    • Save the changes.

  3. Make the trust configuration to the SAP SuccessFactors identity provider the only configuration that is available for user logon. To do that, edit all other configurations and unselect the Available for User Logon checkbox. Save the change.

    Trust configuration the only configuration that is available for user logon

See Establish Trust Between SAP SuccessFactors and SAP BTP.

Log on to answer question
Step 11: Register Assertion Consumer Service of subaccount in SAP SuccessFactors
  1. Download the service provider SAML metadata file from the SAP BTP cockpit.

    • Go to your subaccount and choose Security > Trust Configuration.

    • Choose SAML Metadata to download an XML file that contains the SAML 2.0 metadata describing SAP BTP as a service provider.

      Choose <strong>SAML Metadata</strong> to download an XML file that contains the SAML 2.0 metadata describing SAP BTP as a service provider.
    • Open the XML file in a text editor and copy the following values:

      • The value of the Location attribute of the AssertionConsumerService element with the HTTP-POST binding of the XML file: this is the value of the Assertion Consumer Service.

        Copy the value of the <code>Location</code> attribute of the <code>AssertionConsumerService</code> element with the HTTP-POST binding of the XML file.
      • The value of the Location attribute of the SingleLogoutService element with the HTTP-POST binding of the XML file: this is the value of the logout URL.

        Copy he value of the <code>Location</code> attribute of the <code>SingleLogoutService</code> element with the HTTP-POST binding of the XML file.
      • The value of the EntityID attribute of EntityDescriptor element of the XML file: this is the value of the Audience URL.

        Copy the value of the <code>EntityID</code> attribute of <code>EntityDescriptor</code> element of the XML file.
  2. In Provisioning of SAP SuccessFactors, go to your company and choose Service Provider Settings > Authorized SP Assertion Consumer Service Settings.

  3. Choose Add another Service Provider ACS and fill in the following fields:

    Field Name Value
    Assertion Consumer Service This is the value of the Location attribute of the AssertionConsumerService element with the HTTP-POST binding you copied in substep 1 in this step.
    Logout URL This is the value of the Location attribute of the SingleLogoutService element with the HTTP-POST binding you copied in substep 1 in this step.
    Audience URL This is the value of the EntityID attribute of EntityDescriptor element you copied in substep 1 in this step.
    Application Name Select SAP Business Technology Platform from the dropdown menu.
    Choose <strong>Add another Service Provider ACS</strong> and fill in the fields.

See Register the Assertion Consumer Service of the Subaccount in SAP BTP in SAP SuccessFactors.

Log on to answer question
Step 12: Test the extension application
  1. In the SAP BTP cockpit, navigate to your subaccount and then to your space.

    Choose Applications, and then choose the approuter-task-management link to go to the Overview page of the application.

  2. On the approuter-task-management - Overview page, choose the URL in the Application Routes screen area to open the application in your browser.

To finish the tutorial, copy the application URL you just opened and paste it in the validation box below:

Copy the URL in the Application Routes screen area and paste it here.
Make sure to skip the "https://" prefix.
×

Next Steps

Back to top