Human Capital Management Blogs by Members
Gain valuable knowledge and tips on SAP SuccessFactors HCM suite and human capital management market from member blog posts. Share your insights with a post of your own.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Bidirectional integration between SAP SuccessFactors & Azure Active Directory in Microsoft Azure Enterprise applications - Part 2 - Technical configuration for SuccessFactors Writeback

former_member711310
Explorer
‎10-23-2021 3:19 PM

This blog is a continuation of the “ Part 1 - Technical configuration for SAP SuccessFactors to Azure Active Directory user provisioning“.


 

In section, we will focus on the Technical configuration for SuccessFactors Writeback.


 









Bidirectional integration between SAP SuccessFactors & Azure Active Directory in Microsoft Azure Ent...
Part 1 - Technical configuration for SAP SuccessFactors to Azure Active Directory user provisioning
Part 2 - Technical configuration for SuccessFactors Writeback

Note:

For this demonstration, I have already created an Azure AD tenant and using SAP SuccessFactors & Azure  trail account for the POC.

We can use the same API user(SFAPI2) which we created in part1(step 1 to 4) .

Steps need to perform in SAP SuccessFactors

Step :1 SuccessFactors Writeback provisioning app uses certain code values to identify email in Employee Central.

 

1.1 In SuccessFactors Admin Center, search for Manage business configuration.


 

1.2 Under HRIS Elements, select emailInfo and click on the Details for the email-type field.



 

1.3 On the email-type details page, note down the name of the picklist associated with this field. By default, it is ecEmailType. However it may be different in your tenant.



 

Step :2 Retrieve constant value for emailType


 

2.1 In SuccessFactors Admin Center, search and open Picklist Center.



 

2.2 Use the name of the email picklist captured from the previous section (e.g. ecEmailType) to find the email picklist.



 

2.3 Open the active email picklist.



2.4 On the email type picklist page, select the Business email type.



2.5 Note down the Option ID associated with the Business email. This is the code that we will use with emailType in the attribute-mapping table.



Steps need to perform in Microsoft Azure AD

 

Step :3  Add the provisioning connector app and configure connectivity to SuccessFactors

To configure SuccessFactors Writeback:

3.1 Login to Azure Portal

3.2 In the left navigation bar, select Azure Active Directory

3.3 Select Enterprise Applications


 

3.4  Select All Applications and Select Add an application.



 

3.5 Search for "SuccessFactors Writeback" and select



3.6 Click on create and add that app from the gallery.



3.7 Wait till adding the application "SuccessFactors Writeback "



 

3.8 After the app is added and the app details screen is shown, select Provisioning



 

3.9 Click on "Get Started "



3.10 Change the Provisioning Mode to Automatic



3.11 Complete the Admin Credentials section as below and test the connection.



3.12  If the connection test succeeds, click the Save button at the top.



3.13 Once the credentials are saved successfully, the Mappings section will display the default mapping. Refresh the page, if the attribute mappings are not visible.




Step 4: Configure attribute mappings


 

4.1 On the Provisioning tab under Mappings, click Provision Azure Active Directory Users.



4.2 In the Source Object Scope field, you can select which sets of users in Azure AD should be considered for write-back, by defining a set of attribute-based filters. The default scope is "all users in Azure AD".



4.3 The Target Object Actions field only supports the Update operation.


4.4 In the mapping table under Attribute mappings section, we can map the following Azure Active Directory attributes to SuccessFactors. The table below provides guidance on how to map the write-back attributes.


Note : I have selected only email for the update in Azure AD -> SuccessFactors and if you have any other requirement like employeeID or mobile number perform the changes accordingly .


4.5 Validate and review your attribute mappings.


4.6 Click Save to save the mappings.


Step 5: Enable and launch user provisioning


 

5.1 In the Provisioning tab, set the Provisioning Status to On.


5.2 Select Scope. You can select from one of the following options:



Option 1: Sync all users and groups: Select this option if you plan to write back mapped attributes of all users from Azure AD to SuccessFactors, subject to the scoping rules defined under Mappings -> Source Object Scope.

Option 2: Sync only assigned users and groups: Select this option if you plan to write back mapped attributes of only users that you have assigned to this application in the Application -> Manage -> Users and groups menu option. These users are also subject to the scoping rules defined under Mappings -> Source Object Scope.

Note : I have selected the  option 1 so all users will get synced.

5.3 Click Save.



5.4 This operation will start the initial sync, which can take a variable number of hours depending on how many users are in the Azure AD tenant and the scope defined for the operation. You can check the progress bar to the track the progress of the sync cycle.


5.5 At any time, check the Provisioning logs tab in the Azure portal to see what actions the provisioning service has performed. The provisioning logs lists all individual sync events performed by the provisioning service.


5.6 Once the initial sync is completed, it will write an audit summary report in the Provisioning tab, as shown below.


11 Comments
Sebastian_W
Explorer
‎01-27-2022 9:01 AM
Great Guide, thank you for sharing!

One question: How did you handle the mandatory country code field in SF?
We are always running into an error, saying the field can't be blank.

It's not part of the mapping
former_member711310
Explorer
‎02-25-2022 5:54 AM
0 Kudos
Hi Sebastian,

Please check if you have made some changes in country step 6.4 .

https://blogs.sap.com/2021/10/23/bidirectional-integration-between-sap-successfactors-azure-active-d...

We have not faced any issue in the country code field in SF.
toaguiar
Discoverer
‎03-21-2022 10:39 AM
0 Kudos
Hi,

It looks like the admin credentials section in Azure AD has changed the required fields. Now the admin credentials section asks for the tenant URL and secret token.


Does anyone have any idea how to establish the connection using a secret token?


Thanks in advance.



misaneg
Discoverer
‎10-24-2023 1:10 PM
Hi,

It is possible just use the writeback without the part1?  Azure -> SFSF to provisioning SFSF with Azure data?

I mean instead of be bidirectional be unidirectional with the writeback?

 

Regards
Laura_Gyselbrec
Explorer
‎03-05-2024 10:42 AM
0 Kudos

Hi @Sebastian_W 

How did you manage to solve this? Because we get the error that "Country is a required field and cannot be blank". We tried to add it to the mapping (the field is customString1 on Phone Info), but we keep receiving the same error. 

Thanks for your feedback!

 

Sebastian_W
Explorer
‎03-05-2024 10:56 AM
0 Kudos

Hi @Laura_Gyselbrec 

in SF you can remove the setting for the country code to be mandatory in Manage Business Configuration in the Phone Information.

However we recommend to deactivate the fields for Country Code and Extension completely, as Azure is storing the Phone Number as a whole in one field and it is therefore also send alltogether into the number field of SF anyways. 

Hope this helps!

Laura_Gyselbrec
Explorer
‎03-05-2024 2:01 PM
0 Kudos

Thanks @Sebastian_W for your quick response! 

Yes indeed, we tried to write it back by making the field non-mandatory and in that case the full number is written back in the field 'Phone Number'. However the other fields stay empty (Country, Country Code, Area Code). 

Would you know if we can use the field country as source attribute to get this filled in the field 'Country' in SF? It is available in the attribute list.

Laura_Gyselbrec_0-1709647172670.png

 

Sebastian_W
Explorer
‎03-05-2024 4:01 PM
0 Kudos

@Laura_Gyselbrec 

Yeah, they will stay empty, as all phone information is coming from one single field in Azure. I tried to come up with Expressions in order to seperate the numbers in Country Code, Number and Extension, but as the phone numbers are so various, I disregarded that idea pretty quickly.

To my knowledge there is no field in Azure, which holds the Country Code for the phone numbers, where you could retrieve the information. 

 

best is to deactive the unused fields in SF and just stick with one field holding to whole number.

Laura_Gyselbrec
Explorer
‎03-08-2024 12:36 PM
0 Kudos

Thanks @Sebastian_W ! Seems that this will be the only solution. 

FYI we also tried to map country code (which is an attribute that should be supported as stated in the documentation), but that is not working either. When using the picklist value of a certain country code, the app can make the translation to the correct code, but in the end we get an error message:

Laura_Gyselbrec_1-1709901322936.png

 

 

 

Wilfrid_Illizeo
Discoverer
‎04-05-2024 2:54 PM
0 Kudos

 

Hello,

We can't get through the test connection in Azure.

However, the credentials seem OK.

Have any of you had this error before?

Thanks Wilfrid

Testing connection to (BUSINESS) SuccessFactors Writeback You appear to have entered invalid credentials. Please confirm you are using the correct information for an administrative account.

Error code : SuccessFactorsInvalidBaseAdress

Details : The remote name could not be resolved

Request-Id : 72131955-2ff0-4311-bf27-f588b1faaaeb

Sans titre.png

Sebastian_W
Explorer
‎04-05-2024 2:57 PM

@Wilfrid_Illizeo remove the https:// from the Tenant URL and you should be fine. 

Labels in this area
Popular Blog Posts