To get the SAP SuccessFactors (SF) integration up and running, you need the client application credentials. This means you need to create a new OAuth2 Client Application and set the data access fields permissions from the users in order to grant Beekeeper access to only the necessary attributes.
New OAuth2 Client Application
To start, log in to SAP Success Factors:
Go to the Admin Center
Search for "Manage OAuth2 Client Applications"
Click "Register Client Application".
Fill in these fields:
- Application Name: Beekeeper Integration
- Description: Some information about the purpose of the application.
- Application URL: https://www.beekeeper.io
Click on "Generate x.509 Certificate"
In order to generate the certificate, complete at least the mandatory fields marked with a " * ".
Please note that you can specify the certificate validity. We recommend that you set the number of days, in line with the contract value of the SAP connector purchased to Beekeeper.
Once the fields have been filled, click "Generate".
You will then return to the previous menu with a X.509 Certificate.
Click on "Download" in order to make a back up file and then click on "Register".
You will return to the recently created "OAuth Client Application" to access the Company and API Key. Please take note of these values, since they will be required later by Beekeeper.
New Permission Group
Access the menu permission groups by searching the term in the search bar of the application.
Click "Create New" and then specify the Group Name and choose a technical user as member of this group. This change will allow the user to make all data requests to the OData API.
In this example we are selecting rdsadmin as technical user.
You will now have successfully configured the permission group.
New Permission Role
Following the configuration, access the Permission Role List menu by searching for "Permission Role List".
Click "Create New". This will take us into the "Permission Role Detail", where you can provide a role name and description.
Click on the button "Permission" in section 2 for Permission settings, and select at least the options shown here:
Grant this role to a group in section 3 and click "Add". Select the permission group by clicking "Select..."
Select the group previously created:
Save the changes. The final configuration should look like this:
Click on "Save Changes" and your new permission role will be listed in the menu.
Now you’re good to go!
What should I send to Beekeeper?
Beekeeper needs a few credentials to connect to SAP:
- Client ID – API key from a oauth app (in this case the beekeeper integration app) previously subscribed in SAP SF.
- User ID – ID of a technical user to make the token request with.
- Private key – Private key of the certificate added or generated for the integration app (beekeeper integration app) previously subscribed in SAP SF.
- Company ID – Company ID that represents the company in SAP SF.
- Base URL – URL for the SAP instance (e.g., https://apisalesdemo4. successfactors.com/odata/v2/)
Uninstalling the SAP SuccessFactors Integration
If the app is uninstalled in Beekeeper, you should also revoke the permissions of the Beekeeper Connector Permission Role that we created in SAP.