create-outbound-oauth-configuration-in-sap-successfactors-2fcdea4.md

Create Outbound OAuth Configuration in SAP SuccessFactors

Prerequisites

• You have an OAuth client in SAP BTP created. See Create OAuth Client in SAP BTP.

• You have created an OAuth X509 key and have saved the X509 certificate on your local file system. See Generate OAuth X509 Key in SAP SuccessFactors.

• You have registered the X509 certificate when creating a trusted identity provider in the SAP BTP cockpit. See Create Trusted Identity Provider in SAP BTP Cockpit.

Context

Remember:

SAP Business Technology Platform, Neo environment will sunset on December 31, 2028, subject to terms of customer or partner contracts.

For more information, see SAP Note 3351844.

Tip:

This documentation refers to SAP Business Technology Platform, Neo environment. If you are looking for documentation about other environments, see SAP Business Technology Platform ↗️.

Based on the X509 certificate and OAuth client, you have to create an outbound OAuth configuration in the SAP SuccessFactors system.

Procedure

1. Log on to the SAP SuccessFactors system, and go to the Integration Center.

2. In the Integration Center, choose the Security Center tile and then choose the Outbound OAuth Configurations.

3. Choose Add to create a new outbound OAuth configuration.

4. In the Configuration Name field, enter a name for this outbound OAuth configuration.

5. In the Client ID field, paste the value of the ID field of the OAuth client that you have created in the SAP BTP cockpit.

6. In the Client Secret field, enter the value of the Secret field of the OAuth client that you have created in the SAP BTP cockpit.

7. In the OAuth Type drop-down menu, select OAuth 2.0 with SAML Flow.

8. In the Token URL field, paste the value of the Token URL from the Token Endpoint field in the Security > OAuth > Branding > OAuth URLs.

9. In the Token Method field, select POST.

10. In the Audience field, paste the local service provider name for your account from the SAP BTP cockpit.

    Note:

    Open the SAP BTP cockpit and go to Security > Trust > Local Service Provider > Local Provider Name. See Principal Propagation to OAuth-Protected Applications.

11. In the Recipient field, enter the same value as the one in the Token URL field.

12. In the Issuer field, copy and paste the same value as the Name field of the trusted identity provider you created in the SAP BTP cockpit. See Create Trusted Identity Provider in SAP BTP Cockpit.

13. In the X509 Keys, select the OAuth X509 key you created. See Generate OAuth X509 Key in SAP SuccessFactors.

14. Choose Save.