The EmpowerID SuccessFactors Connector is a strategic an essential integration tool designed to seamlessly link that connects EmpowerID's Identity Management platform with SAP SuccessFactors, a leading Human Capital Management (HCM) suite. This connector is engineered to facilitate robust and efficient synchronization of designed to pull user information from SuccessFactors into EmpowerID, ensuring that user identities, roles, and permissions between the two systems, thereby streamlining HR and IT processes within organizations. Utilizing related attributes are consistently reflected within EmpowerID. Using the SCIM 2.0 protocol for provisioning and the OData protocol for data retrieval, the connector ensures consistent and reliable synchronization of data across all connected back-end user directories.
Architecture Overview
This connector's architecture comprises The architecture of this connector is built around three core components:
...
the EmpowerID Microservice, the EmpowerID Account Store, and the OData Layer.
SAP SuccessFactors Microservice
The SAP SuccessFactors Microservice serves as the central processing unit within the connector’s architecture. Deployed on an Azure app service, this microservice
...
EmpowerID Account Store: Specifically designed to store and synchronize SuccessFactors identity information, ensuring data consistency and integrity.
...
is responsible for retrieving and processing user information from SuccessFactors. The microservice periodically queries SuccessFactors to pull the latest user data, ensuring that updates to user profiles or organizational roles are accurately captured within EmpowerID. By leveraging Azure's cloud infrastructure, the microservice benefits from high availability, scalability, and integrated security features, ensuring reliable and secure data processing.
SAP SuccessFactors Account Store
The SAP SuccessFactors Account Store is a specialized data repository within the connector architecture, designed to securely store the identity information retrieved from SuccessFactors. The account store serves as a central location within EmpowerID where SuccessFactors user data is synchronized and maintained. This setup ensures that the information pulled from SuccessFactors is readily available for identity management and governance purposes within EmpowerID, enabling organizations to enforce policies and manage access rights based on accurate and up-to-date user data.
OData Layer
The OData Layer facilitates the retrieval of user information from SuccessFactors. Positioned between the Azure Tenant and SuccessFactors, this layer utilizes the OData
...
The Azure app service uses a system-assigned managed identity tied to a Microsoft Entra ID application explicitly created for EmpowerID. This setup enables the SuccessFactors microservice to securely access Entra ID-protected services without requiring explicit credentials for authentication. To ensure a high degree of security throughout this interaction, client certificate authentication is employed.
Key Features and Benefits
Standardized Data Retrieval:
OData Protocol: Utilizes OData to retrieve data from SuccessFactors, ensuring standardized querying and manipulation of HR data.
Efficiency: The OData protocol supports filtering, sorting, paging, and other query operations, allowing for efficient data handling.
Provisioning and Synchronization:
SCIM 2.0 Protocol: Facilitates the provisioning of EmpowerID Persons and sustains data synchronization across connected directories.
Real-time Updates: Ensures that changes in SuccessFactors are promptly reflected in EmpowerID, maintaining data consistency.
Secure Integration:
Managed Identity: Uses a system-assigned managed identity to securely access Entra ID-protected services.
Client Certificate Authentication: Enhances security by employing client certificate authentication for all interactions.
Seamless HR and IT Processes:
Unified Management: Streamlines the management of user identities, roles, and permissions across HR and IT systems.
Improved Efficiency: Reduces manual intervention and automates synchronization tasks, leading to more efficient HR and IT operations.
Inventory Objects and their corresponding components in EmpowerID
Connects to the SuccessFactors API and retrieves Employee data.
protocol to execute queries against the SuccessFactors database. The OData protocol allows the connector to efficiently filter, sort, and retrieve specific user data as needed, ensuring that only the relevant information is pulled into EmpowerID. This capability is essential for maintaining an optimized and performant integration, as it minimizes the amount of data processed while ensuring that all necessary identity information is accurately captured.
Inventory Objects and their corresponding components in EmpowerID
Users in SAP SuccessFactors are cataloged as accounts within EmpowerID, with their information mapped to the corresponding fields in the Account table of the EmpowerID Identity and Resource Warehouse. EmpowerID inventories a comprehensive set of user data, including personal and employment details, as well as future hires up to 30 days in advance. Depending on the configuration of the account store, EmpowerID can automatically provision Person objects from these user accounts. These Person objects are then fully integrated into EmpowerID's Joiner, Mover, and Leaver processes, enabling streamlined management of user lifecycle events.
Object in SuccessFactors | Component in EmpowerID |
|---|---|
EmployeeUser | Account |
Attribute Mapping
The table below shows the attribute mappings of SAP SuccessFactors users to EmpowerID.
...
SuccessFactors Attribute | SCIM Attribute | EmpowerID Person Attribute | |||
|---|---|---|---|---|---|
personalInfoNavUser.FirstName | nameName.givenNameGivenName | FirstName | |||
personalInfoNavUser.LastName | nameName.familyNameFamilyName | LastName | |||
personalInfoNav.MiddleName | nameName.middleNameMiddleName | MiddleName | |||
personalInfoNav.LastName , personalInfoNav.FirstName | displayNameUser.Formatted | DisplayName | DisplayName | ||
employeePerPerson.DateOfBirth | additionalDataExtension.DateOfBirth | DateOfBirth | |||
personalInfoNav.Gender | additionalDataExtension.Gender | Gender | |||
homeAddressNavDFLT.Country | addresses.country && user.Country | Country | |||
homeAddressNavDFLT.ZipCode | address.PostalCode | ZipCode | |||
homeAddressNavDFLT.State | address.Region && user.State | State | |||
homeAddressNavDFLT.Address1 | address.StreetAddress | StreetAddress | |||
homeAddressNavDFLT.City | address.Locality && user.City | City | |||
homeAddressNavDFLT.StateNav.externalCode | address.Region , user.State | State | |||
employee.PersonExternalId | user.UserName , User.Id , user.ExternalId | Username , Id , LogonName | |||
emailNav.Primary | email.IsPrimary | Primary | emailNav.Value | email.Value | |
PerPhone.PhoneNumber | phoneNumber.Value | HomePhone | PerPhone.Primary | ||
phoneNumber.isPrimaryUser.EmpInfo.StartDate | enterpriseDataExtension.StartDate | ValidFrom | |||
User.EmpInfo.EndDate | enterpriseDataExtension.EndDate | AccountExpires | |||
User.custom01 | enterpriseDataExtension.custom01 | CustomAttribute01 |
...
SuccessFactors Attribute | SCIM Attribute | EmpowerID Person Attribute | |||
|---|---|---|---|---|---|
EmploymentNav.JobInfo.Department | enterpriseUserExtension.Department | Department | |||
EmploymentNav.JobInfo.Division | enterpriseUserExtension.Divsion | Division | |||
EmploymentNav.JobInfo.SeqNumber | enterpriseUserExtension.EmployeeNumber | EmployeeId | |||
EmploymentNav.JobInfo.ManagerId | enterpriseUserExtension.Manager.Value | ManagerId | |||
EmploymentNav.JobInfo.CompanyNavCostCenterNav.Name_en_US | enterpriseUserExtension.Organization | EmploymentNav.JobInfo.CostCenter | enterpriseUserExtension.CostCenter | CostCenter | |
EmploymentNav.JobInfo.StartDate | enterpriseDataExtension.StartDate | ValidFrom | |||
EmploymentNav.JobInfo.EndDate | enterpriseDataExtension.EndDate | ValidUntilAccountExpires | |||
EmploymentNav.JobInfo.JobCode | enterpriseDataExtension.JobCode | JobCode | |||
EmploymentNav.JobInfo.JobTitle | enterpriseDataExtension.JobTitle | JobTitle | |||
EmploymentNav.JobInfo.CompanyNav.Name_en_US | enterpriseDataExtension.CompanyNameCompanyName | Company | |||
EmploymentNav.JobInfo.WorkLocation | enterpriseDataExtension.WorkLocation | OfficeLocation | |||
EmploymentNav.JobInfo.EmployeeStatusNav.Status | enterpriseDataExtension.EmployeeStatus | EmployeeStatus | EmploymentNav.JobInfo.WorkingDaysPerWeek | enterpriseDataExtension.WorkingDaysPerWeek | CustomAttribute1 |
EmploymentNav.JobInfo.CostCenterNav.CostCenterDescription | enterpriseDataExtension.CostCenterDescription | CostCenterDescription | |||
EmploymentNav.JobInfo.CompanyNav.Name_en_US | enterpriseDataExtension.CompanyDescription | CompanyDescription | |||
EmploymentNav.JobInfo.BusinessUnit | enterpriseDataExtension.BusinessUnit | BusinessUnit | |||
EmploymentNav.JobInfo.BusinessUnitNav.Name(EmploymentNav.JobInfo.BusinessUnitNav.ExternalCode) | enterpriseDataExtension.BusinessUnitDescription | OrgUnit | |||
EmploymentNav.JobInfo.IsFulLTimeEmployee | enterpriseDataExtension.IsFullTimeEmployee | IsFulLTimeEmployee | |||
EmployeeNav.IsContigentWorker | enterpriseDataExtension.IsContigentWorker | IsContigentWorker | |||
EmployeeNav.JobInfo.PositionNav.Code | enterpriseDataExtension.PositionCode | PositionCode | |||
employeeNav.LastDayWorked | enterpriseDataExtension.LastDayWorked | LastDayWorked | |||
employmentNav.OriginalStartDate | enterpriseDataExtension.OriginalStartDate | OriginalHireDate | |||
EmploymentNavemploymentNav.JobInfo.WorkingDaysPerWeekenterpriseDataExtension.WorkingDaysPerWeekServiceDate | effectiveStartDate |
| Macrosuite divider macro | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...