The EmpowerID SuccessFactors Connector is an integration tool that connects EmpowerID's Identity Management platform with SAP SuccessFactors, a leading Human Capital Management (HCM) suite. This connector is designed to pull user information from SuccessFactors into EmpowerID, ensuring that user identities, roles, and related attributes are consistently reflected within EmpowerID. Using the SCIM 2.0 protocol for provisioning and the OData protocol for data retrieval, the connector ensures consistent and reliable synchronization of data across all connected back-end user directories.

Architecture Overview

The architecture of the EmpowerID SuccessFactors Connector is built around three core components: the EmpowerID Microservice, the EmpowerID Account Store, and the OData Layer. These components work together to provide secure, efficient, and reliable integration between EmpowerID and SAP SuccessFactors, ensuring that user data is accurately retrieved, processed, and synchronized.

...

The above architectural flowchart illustrates how these components interact to handle data synchronization and management between EmpowerID and SAP SuccessFactors.

SAP SuccessFactors Microservice

The SAP SuccessFactors Microservice is the central processing unit within the connector’s architecture. Deployed on an Azure app service, this microservice

...

retrieves and processes

...

EmpowerID Account Store: Specifically designed to store and synchronize SuccessFactors identity information, ensuring data consistency and integrity.

...

OData Layer: Positioned between the Azure Tenant and SuccessFactors, the OData layer facilitates the retrieval of data from SuccessFactors, allowing for efficient querying and manipulation of HR data.

The Azure app service uses a system-assigned managed identity tied to a Microsoft Entra ID application explicitly created for EmpowerID. This setup enables the SuccessFactors microservice to securely access Entra ID-protected services without requiring explicit credentials for authentication. To ensure a high degree of security throughout this interaction, client certificate authentication is employed.

Key Features and Benefits

  1. Standardized Data Retrieval:

    • OData Protocol: Utilizes OData to retrieve data from SuccessFactors, ensuring standardized querying and manipulation of HR data.

    • Efficiency: The OData protocol supports filtering, sorting, paging, and other query operations, allowing for efficient data handling.

  2. Provisioning and Synchronization:

    • SCIM 2.0 Protocol: Facilitates the provisioning of EmpowerID Persons and sustains data synchronization across connected directories.

    • Real-time Updates: Ensures that changes in SuccessFactors are promptly reflected in EmpowerID, maintaining data consistency.

  3. Secure Integration:

    • Managed Identity: Uses a system-assigned managed identity to securely access Entra ID-protected services.

    • Client Certificate Authentication: Enhances security by employing client certificate authentication for all interactions.

  4. Seamless HR and IT Processes:

    • Unified Management: Streamlines the management of user identities, roles, and permissions across HR and IT systems.

    • Improved Efficiency: Reduces manual intervention and automates synchronization tasks, leading to more efficient HR and IT operations.

Inventory Objects and their corresponding components in EmpowerID

Connects to the SuccessFactors API and retrieves Employee data.

...

Object in SuccessFactors

...

Component in EmpowerID

...

Employee

...

Account

Attribute Mapping

The table below shows the attribute mappings of SAP SuccessFactors users to EmpowerID.

...

user information from SuccessFactors. It periodically queries SuccessFactors to pull the latest user data, capturing updates to user profiles or organizational roles within EmpowerID. The microservice benefits from Azure's cloud infrastructure for availability, scalability, and security.

SAP SuccessFactors Account Store

The SAP SuccessFactors Account Store is a data repository within the connector architecture, designed to securely store identity information retrieved from SuccessFactors. This account store serves as a central location within EmpowerID where SuccessFactors user data is synchronized and maintained. The information pulled from SuccessFactors is available for identity management and governance within EmpowerID, allowing organizations to manage access rights based on accurate and current user data.

OData Layer

The OData Layer retrieves user information from SuccessFactors. Positioned between the Azure Tenant and SuccessFactors, this layer uses the OData protocol to execute queries against the SuccessFactors database. The OData protocol enables the connector to efficiently filter, sort, and retrieve specific user data, ensuring that relevant information is pulled into EmpowerID. This process helps maintain an optimized integration by reducing the amount of data processed and ensuring necessary identity information is captured.

Data Inventory and Account Management

The EmpowerID SuccessFactors Connector inventories and manages user accounts based on the data retrieved from SAP SuccessFactors.

Inventory Objects and Data Retrieval

EmpowerID initiates SCIM calls to the SAP SuccessFactors microservice, which is responsible for integrating with SuccessFactors. This microservice invokes the OData protocol to retrieve user data, including personal details, employment status, and future hires scheduled up to 30 days in advance.

Once the microservice retrieves the user data via OData, the OData response is converted into a SCIM response. The SCIM response is returned to EmpowerID, where the data is processed and inserted as an account object in the EmpowerID Identity and Resource Warehouse.
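The OData-to-SCIM conversion step described above, sketched as an added example (not EmpowerID's code). The record shape, ISO date strings, and function names are assumptions; the container labels and field names are a subset taken from the mapping tables on this page.

```python
from datetime import date, timedelta

FUTURE_HIRE_WINDOW = timedelta(days=30)  # "up to 30 days in advance", per the page
# (path in the constructed OData record, SCIM container label from the page, field)
MAPPINGS = [
    ("PerPerson.DateOfBirth", "additionalDataExtension", "DateOfBirth"),
    ("EmploymentNav.JobInfo.Department", "enterpriseUserExtension", "Department"),
    ("EmploymentNav.JobInfo.JobTitle", "enterpriseDataExtension", "JobTitle"),
    ("EmploymentNav.JobInfo.StartDate", "enterpriseDataExtension", "StartDate"),
    ("EmploymentNav.JobInfo.EndDate", "enterpriseDataExtension", "EndDate"),
]

def dig(record, dotted):
    """Walk a dotted path through nested dicts; None if any hop is missing."""
    node = record
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def within_inventory_window(start_date, today):
    """True for current employees and hires starting within the next 30 days."""
    if start_date is None:
        return False  # no start date: do not inventory the record
    return date.fromisoformat(start_date) <= today + FUTURE_HIRE_WINDOW

def odata_to_scim(record):
    """Convert one OData-style record to a SCIM-style user dict."""
    ext_id = dig(record, "employee.PersonExternalId")
    if not ext_id:
        # Without the identifier there is nothing to join the account on: fail closed.
        raise ValueError("record has no employee.PersonExternalId")
    user = {"userName": ext_id, "id": ext_id, "externalId": ext_id}
    for path, container, field in MAPPINGS:
        value = dig(record, path)
        if value is not None:
            user.setdefault(container, {})[field] = value
    return user

def inventory(records, today):
    """Return SCIM-style users for records inside the inventory window."""
    return [odata_to_scim(r) for r in records
            if within_inventory_window(dig(r, "EmploymentNav.JobInfo.StartDate"), today)]

# Constructed sample input (not real SuccessFactors output).
SAMPLE = [
    {"employee": {"PersonExternalId": "E1001"}, "PerPerson": {"DateOfBirth": "1990-04-02"},
     "EmploymentNav": {"JobInfo": {"JobTitle": "Analyst", "StartDate": "2022-01-10"}}},
    {"employee": {"PersonExternalId": "E1002"}, "EmploymentNav": {"JobInfo": {"StartDate": "2024-08-15"}}},
    {"employee": {"PersonExternalId": "E1003"}, "EmploymentNav": {"JobInfo": {"StartDate": "2024-10-01"}}},
]
```

With `today` set to 2024-07-24, the hire starting 2024-08-15 is inventoried and the one starting 2024-10-01 is not.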

Inventory Objects and Their Corresponding Components in EmpowerID

After the user data is inserted into EmpowerID as an account object, it is mapped to the corresponding fields in the Account table of the EmpowerID Identity and Resource Warehouse. This process involves cataloging personal and employment details, such as role assignments, job titles, and future hires, to ensure that records are maintained accurately.

| Object in SuccessFactors | Component in EmpowerID |
| --- | --- |
| User | Account |

Provisioning Person Objects and Lifecycle Management

Once user accounts are inventoried, EmpowerID can automatically provision Person objects from these accounts. These Person objects are key to EmpowerID’s lifecycle management processes:

  • Joiner: Person objects are created for each user account, ensuring they are assigned appropriate roles and access rights.

  • Mover: When users change roles or locations, their Person objects are updated to reflect new job responsibilities or organizational units.

  • Leaver: Upon termination, Person objects are deactivated, revoking access rights as required.

Provisioning Person objects from the inventoried accounts enables EmpowerID to manage user transitions efficiently, using the latest data retrieved from SAP SuccessFactors.

Attribute Mapping

EmpowerID maps user attributes from SAP SuccessFactors to the appropriate fields within the EmpowerID system to facilitate seamless data integration. Below is a table that shows the attribute mappings for personal and employment data:

Personal Data Attribute Mapping

SuccessFactors Attribute

SCIM Attribute

EmpowerID Person Attribute

personalInfoNav

User.FirstName

name

Name.

givenName

GivenName

FirstName

personalInfoNav

User.LastName

name

Name.

familyName

FamilyName

LastName 

personalInfoNav.MiddleName

name

Name.

middleName

MiddleName

MiddleName 

personalInfoNav.LastName , personalInfoNav.FirstName

displayName

User.Formatted

DisplayName

DisplayName 

PerPerson.DateOfBirth

additionalDataExtension.DateOfBirth

DateOfBirth

personalInfoNav.Gender

additionalDataExtension.Gender

Gender

homeAddressNavDFLT.Country

addresses.country && user.Country

Country

homeAddressNavDFLT.ZipCode

address.PostalCode

ZipCode

homeAddressNavDFLT.State

address.Region && user.State

State

homeAddressNavDFLT.Address1

address.StreetAddress

StreetAddress

homeAddressNavDFLT.City

address.Locality && user.City

City

employee.PersonExternalId

user.UserName , User.Id , user.ExternalId

Username , Id , LogonName

emailNav.

Primary

email.IsPrimary

Primary

emailNav.

Value

email.Value

Email

PerPhone.PhoneNumber

phoneNumber.Value

HomePhone

PerPhone.Primary

phoneNumber.isPrimary

...

User.EmpInfo.StartDate

enterpriseDataExtension.StartDate

ValidFrom

User.EmpInfo.EndDate

enterpriseDataExtension.EndDate

AccountExpires

User.custom01

enterpriseDataExtension.custom01

CustomAttribute01

Employment Data Attribute Mapping

SuccessFactors Attribute

SCIM Attribute

EmpowerID Person Attribute

EmploymentNav.JobInfo.Department

enterpriseUserExtension.Department

Department

EmploymentNav.JobInfo.Division

enterpriseUserExtension.Divsion

Division

EmploymentNav.JobInfo.SeqNumber

enterpriseUserExtension.EmployeeNumber

EmployeeId

EmploymentNav.JobInfo.ManagerId

enterpriseUserExtension.Manager.Value

ManagerId

EmploymentNav.JobInfo.

CompanyNav

CostCenterNav.Name

_en_US

enterpriseUserExtension.Organization

EmploymentNav.JobInfo.CostCenter

enterpriseUserExtension.CostCenter

CostCenter

EmploymentNav.JobInfo.StartDate

enterpriseDataExtension.StartDate

ValidFrom

EmploymentNav.JobInfo.EndDate

enterpriseDataExtension.EndDate

ValidUntil

AccountExpires

EmploymentNav.JobInfo.JobCode

enterpriseDataExtension.JobCode

JobCode

EmploymentNav.JobInfo.JobTitle

enterpriseDataExtension.JobTitle

JobTitle

EmploymentNav.JobInfo.CompanyNav.Name_en_US

enterpriseDataExtension.CompanyName

CompanyName

Company

EmploymentNav.JobInfo.WorkLocation

enterpriseDataExtension.WorkLocation

OfficeLocation

EmploymentNav.JobInfo.EmployeeStatusNav.Status

enterpriseDataExtension.EmployeeStatus

EmployeeStatus

EmploymentNav.JobInfo.

WorkingDaysPerWeek

enterpriseDataExtension.WorkingDaysPerWeek

CustomAttribute1

EmploymentNav.JobInfo.

CostCenterNav.CostCenterDescription

enterpriseDataExtension.CostCenterDescription

CostCenterDescription

EmploymentNav.JobInfo.CompanyNav.Name

_en_US

enterpriseDataExtension.CompanyDescription

CompanyDescription

EmploymentNav.JobInfo.BusinessUnit

enterpriseDataExtension.BusinessUnit

BusinessUnit

EmploymentNav.JobInfo.BusinessUnitNav.Name(EmploymentNav.JobInfo.BusinessUnitNav.ExternalCode)

enterpriseDataExtension.BusinessUnitDescription

OrgUnit

EmploymentNav.JobInfo.IsFulLTimeEmployee

enterpriseDataExtension.IsFullTimeEmployee

IsFulLTimeEmployee

EmployeeNav.IsContigentWorker

enterpriseDataExtension.IsContigentWorker

IsContigentWorker

EmployeeNav.JobInfo.PositionNav.Code

enterpriseDataExtension.PositionCode

PositionCode

employeeNav.LastDayWorked

enterpriseDataExtension.LastDayWorked

LastDayWorked

employmentNav.OriginalStartDate

enterpriseDataExtension.OriginalStartDate

OriginalHireDate

employmentNav.ServiceDate

effectiveStartDate

Next Steps

Connect to SAP SuccessFactors
