You can extend the functionality of your SAP SuccessFactors system with an extension application deployed in a subaccount in SAP Business Technology Platform (SAP BTP) and at the same time fully integrated in your SAP SuccessFactors system.
The goal of the task management sample application for SAP SuccessFactors solutions is to show some best practices when building SAP SuccessFactors extension applications on SAP BTP. We recommend to use this sample application only as a proof of concept and a starting point for implementing extensions.
Using this application, you can:
- Manage different tasks related to human resources (HR), and send them for approval to your colleagues
- Move the employees in your company from one job title to another.
- Approve the transfer of employees between positions and departments.
- Hire new colleagues.
The following diagram shows the technical components that take part in this scenario.
There are several components and authorizations that you and/or your team members need.
Tools
- JDK 8 or later versions up to JDK 15
- Maven 3.0.x or later
- Cloud Foundry Command Line Interface (cf CLI)
- git
- Lombok - if you use an IDE for compilation
On SAP BTP side:
- You have either an enterprise or a trial global account in SAP BTP.
- You have an S-user or P-user (if you are using an enterprise global account), and a trial user (if you are using a trial account). See User and Member Management.
- You are an administrator of the global account where you want to register your SAP SuccessFactors system.
- You have enabled the Cloud Foundry capabilities for your subaccount in SAP BTP.
On SAP SuccessFactors side:
- You have a dedicated SAP SuccessFactors company instance.
- For SAP SuccessFactors, First Half 2021 Release, you need a user with permissions to access SAP SuccessFactors Provisioning.
- For SAP SuccessFactors, Second Half 2021 Release or later, you need a user with permissions to access Extension Center in SAP SuccessFactors Admin Center that include the Manage Extensions on SAP BTP permissions.
1. Connect the SAP SuccessFactors system you want to extend with the corresponding global account in SAP BTP
To do that, you must register your SAP SuccessFactors system in your global account in SAP BTP. During this process, an integration token is created and then used by the SAP SuccessFactors system tenant administrator to configure the integration on the SAP SuccessFactors system side.
-
In the SAP BTP cockpit, navigate to your global account, and then choose System Landscape > Systems.
-
In the Systems panel, choose Register System.
-
In the Register System dialog box:
- Enter a name for the system you want to register.
Use only printable ASCII characters.
- In the Type dropdown list, select the system type.
- Choose Register.
SAP BTP generates an integration token that the tenant administrator of the extended SAP SuccessFactors system uses on the respective SAP SuccessFactors system side when configuring the integration between your SAP SuccessFactors system and the global account in SAP BTP.
-
Copy the integration token. You need it for configuring the integration on the extended SAP SuccessFactors system side.
-
Close the dialog box.
The SAP SuccessFactors system appears in the list of registered systems. Its status is Pending because the registration process is not yet completed.
-
Configure the integration on the SAP SuccessFactors system side:
- In SAP SuccessFactors Admin Center, navigate to Extension Center.
If you do not have permissions to access the Extension Center for the corresponding SAP SuccessFactors system, you need to send the integration token to a user with such permissions who will configure the integration on the SAP SuccessFactors system side.
- On the Extensions on SAP BTP tab page, navigate to the Add Integration with SAP BTP screen area, and paste the integration token in the Integration Token input field.
- Choose Add.
The system appears in the integration list in the Multi-Cloud Environment screen area, and the status of the integration is displayed in the Integration Status column. To refresh the status of the process, choose the Check Status icon. Wait for the integration to finish.
-
In the SAP BTP cockpit, check the status of the registration process. To do so, navigate to your global account, and on the Systems page, check if the status of the SAP system has changed to Registered.
If you are already on the Systems page, refresh the page to check if the status has changed.
Note: You can register a system only once with the same name per global account.
See Register an SAP SuccessFactors System in a Global Account in SAP BTP.
2. Make the SAP SuccessFactors system accessible in the subaccount in SAP BTP in which you want to build your extension application
You need to configure the entitlements for the subaccount where the task management sample application for SAP SuccessFactors solutions will be deployed and assign the api-access service plan for the SAP SuccessFactors Extensibility service instance to the system you registered in the previous step.
-
In the SAP BTP cockpit, navigate to your global account.
-
In the navigation area, choose Entitlements > Entity Assignments.
-
Select your subaccount from the Select Entities: drop down menu, and then choose Go.
- Choose Configure Entitlements.
- Choose Add Service Plans, and then select the SAP SuccessFactors Extensibility service.
-
In the Available Service Plans area, select the system you have registered. Then, select api-access and sso-configuration service plans, and choose Add 2 Service Plans.
-
Save the changes.
See Configure the Entitlements for the Subaccount in SAP BTP.
-
Make sure you are logged on to SAP BTP cockpit as a Cloud Foundry administrator.
-
In your trial global account, choose Entitlements > Entity Assignments.
-
If there is no entry for the Cloud Foundry runtime, choose Configure Entitlements, and then Add Service Plans.
-
In the popup, proceed as follows:
-
Choose Cloud Foundry Runtime.
-
Under Available Service Plans, select the MEMORY checkbox.
-
Choose Add 1 Service Plan.
-
- On the Entity Assignments screen, choose + on the Cloud Foundry Runtime service row to add at least 1 quota to the subaccount, and then choose Save.
- Clone the GitHub repository:
git clone https://github.com/SAP/task-management-sample-app-sfsf-solutions
-
Configure the details of the SAP SuccessFactors system to which you will connect. To do so, in the root of the project locate the sap-successfactors-extensibility.json file and replace the value of the
systemName
parameter with the system name of the system you registered in Step 1: Connect the SAP SuccessFactors system the corresponding global account in SAP BTP. -
In the root of the project locate the vars.yml file and replace the values of the following parameters:
-
ID
. Enter your user in SAP BTP. It is either an S-user, a P-user, or a trial user. -
REGION_HOST
. Entereu10.hana.ondemand.com
. To check the<region_host>
, go to the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section, and remove thehttps://api.cf.
- Open a console and navegate to the root folder of the project that is created on you local file system after cloning the GitHub repository.
cd <root folder of the project>
- Build the application. To do so, use the following command:
mvn clean install
To connect the task management sample application for SAP SuccessFactors solutions to your SAP SuccessFactors system, you use a destination. For that, you first need to create a Destination service instance using the lite service plan. You can do that from Cockpit or Cloud Foundry Command Line Interface (cf CLI):
-
In the cockpit, navigate to your subaccount, choose Services > Service Marketplace, and on the Service Marketplace screen, search for the Destination service.
-
From the Destination service tile, choose Create and follow the steps in the wizard to create the instance.
-
On the Basic Info step:
-
Make sure to select the lite service plan.
-
In the Runtime Environment field, choose
Cloud Foundry
. -
In the Space field, select the space you are working with.
-
In the Instance Name field, enter
destination
.
-
-
On the Parameters step, leave the JSON field empty.
-
Choose Create.
- Log on to the cf CLI, using this command:
cf login -a https://api.cf.eu10.hana.ondemand.com
The string https://api.cf.eu10.hana.ondemand.com
represents the <api_endpoint>. To check it, open the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section.
-
Navigate to your Org by typing in the console the number that corresponds to your Org in the list with Orgs that is displayed after you log on to cf CLI.
-
If you have more than one space, navigate to your space, by typing in the console the number that corresponds to your space in the list with spaces.
If you have only one space, you will be redirected to it right after you specify your Org.
- Create the Destination service instance, use this command:
cf create-service destination lite destination
6. Create an SAP SuccessFactors Extensibility Service Instance to Consume the SAP SuccessFactors APIs
To consume the SAP SuccessFactors APIs, you create an SAP SuccessFactors Extensibility service instance using the api-access service plan.
During the service instance creation, an HTTP destination on a subaccount level is automatically generated in this subaccount. You use this destination to establish connection to your SAP SuccessFactors system.
Configure the details of the SAP SuccessFactors system to which you will connect. To do so, in the root of the project locate the sap-successfactors-extensibility.json
file and replace the following parameter:
systemName
Enter the system name of the system you registered in [Step 1:](Connect the SAP SuccessFactors system you want to extend with the corresponding global account in SAP BTP).
You can use Cockpit or Cloud Foundry Command Line Interface (cf CLI):
-
In the cockpit, navigate to your subaccount, choose Services > Service Marketplace, and on the Service Marketplace screen, search for the SAP SuccessFactors Extensibility service.
-
From the SAP SuccessFactors Extensibility service tile, choose Create and follow the steps in the wizard to create the service instance.
-
On the Basic Info step:
-
Make sure to select the api-access service plan.
-
In the Runtime Environment field, choose
Cloud Foundry
. -
In the Space field, select the space you are working with.
-
In the System Name field, select your registered SAP SuccessFactors system.
-
In the Instance Name field, enter
sap-successfactors-extensibility
.
-
- On the Parameters step, the JSON file is preconfigured. Choose Next.
- Choose Create.
- Log on to the cf CLI, using this command:
cf login -a https://api.cf.eu10.hana.ondemand.com
The string https://api.cf.eu10.hana.ondemand.com
is the <api_endpoint>. To check it, open the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section.
-
Navigate to your Org by typing in the console the number that corresponds to your Org in the list with Orgs that is displayed after you log on to cf CLI.
-
If you have more than one space, navigate to your space, by typing in the console the number that corresponds to your space in the list with spaces.
If you have only one space, you will be redirected to it right after you specify your Org.
- Create the SAP SuccessFactors Extensibility service instance, use this command:
cf create-service sap-successfactors-extensibility api-access sap-successfactors-extensibility -c sap-successfactors-extensibility.json
To configure the task management sample application for SAP SuccessFactors solutions authentication, you create an Authorization and Trust management service instance with application service plan. You can do that from Cockpit or Command Line Interface (CLI):
-
In the cockpit, navigate to your subaccount, choose Services > Service Marketplace, and on the Service Marketplace screen, search for the Authorization & Trust Management service.
-
From the Authorization & Trust Management service tile, choose Create and follow the steps in the wizard to create the service instance.
-
On the Basic Info step:
-
Make sure to select the application service plan.
-
In the Runtime Environment field, choose
Cloud Foundry
. -
In the Space field, select the space you are working with.
-
In the Instance Name field, enter
xsuaa
.
-
- On the Parameters step, upload the
xsuaa.json
file.
- Choose Create.
- Log on to the cf CLI, using this command:
cf login -a https://api.cf.eu10.hana.ondemand.com
The string https://api.cf.eu10.hana.ondemand.com
represents the <api_endpoint>. To check it, open the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section.
-
Navigate to your Org by typing in the console the number that corresponds to your Org in the list with Orgs that is displayed after you log on to cf CLI.
-
If you have more than one space, navigate to your space, by typing in the console the number that corresponds to your space in the list with spaces.
If you have only one space, you will be redirected to it right after you specify your Org.
- Create the Authorization & Trust Management service instance, use this command:
cf create-service xsuaa application xsuaa -c xsuaa.json
You have to use Cloud Foundry Command Line Interface (cf CLI) to deploy and run the task management sample application for SAP SuccessFactors solutions.
- Log on to the cf CLI, using this command:
The value https://api.cf.eu10.hana.ondemand.com
represents the <api_endpoint>. To check it, go to the SAP BTP cockpit, navigate to the subaccount, go to Overview and copy the API endpoint from the Cloud Foundry section. See Log On to the Cloud Foundry Environment Using the Cloud Foundry Command Line Interface.
-
Navigate to your Org by typing in the console the number that corresponds to your Org in the list with Orgs that is displayed after you log on to cf CLI.
-
If you have more than one space, navigate to your space, by typing in the console the number that corresponds to your space in the list with spaces.
If you have only one space, you will be redirected to it right after you specify your Org.
- In the cf CLI push the
vars.yml
file using this command:
cf push --vars-file vars.yml
To ensure the required security for accessing the applications, you need to configure the single sign-on between the subaccount in SAP BTP and the SAP SuccessFactors system using a SAML identity provider. The single sign-on requires both solutions to be configured as trusted SAML service providers for the identity provider, and at the same time, the identity provider to be configured as trusted identity provider for the two solutions.
-
Download SAML metadata from the SAP SuccessFactors system.
-
Go to
https://<sap_successfactors_system>/idp/samlmetadata?company=<company_id>&cert=sha2
where:-
<sap_successfactors_system>
is the hostname of your SAP SuccessFactors system -
<company_id>
is the ID of your SAP SuccessFactors company
-
-
When you are prompted, save the file on your local file system and change its extension to
.xml
.
-
-
Register the SAP SuccessFactors identity provider in the SAP BTP cockpit.
-
Open the cockpit and navigate to your subaccount.
-
Choose Security > Trust Configuration.
-
Choose New Trust Configuration.
-
-
Make the trust configuration to the SAP SuccessFactors identity provider the only configuration that is available for user logon. To do that, edit all other configurations and unselect the Available for User Logon checkbox. Save the change.
See Establish Trust Between SAP SuccessFactors and SAP BTP.
To configure the subaccount as a trusted service provider in SAP SuccessFactors, you have to create an SAP SuccessFactors Extensibility service instance using the sso-configuration service plan.
-
In the SAP BTP cockpit, navigate to the subaccount which you want to configure as a trusted service provider in SAP SuccessFactors.
-
In the navigation area, choose Services > Service Marketplace, and on the Service Marketplace screen, search for the SAP SuccessFactors Extensibility service.
-
In the SAP SuccessFactors Extensibility page, choose Create.
-
In the New Instance or Subscription wizard:
-
In the Service dropdown list, ensure you have selected the SAP SuccessFactors Extensibility service.
-
In the Plan dropdown list, select the sso-configuration service plan.
-
In the Runtime Environment dropdown list, select Other.
-
In the Instance Name field, enter a name for your instance, for example sso-to-successfactors. Choose Next.
-
To configure the assertion consumer service of the subaccount, specify the system name in the JSON file:
{"systemName": "my-sap-successfactors-system"}
For more information about the structure of the JSON file, see Single Sign-On Configuration JSON File.
-
-
Choose Next.
-
Choose Create.
You have an assertion consumer service for the subaccount created in SAP SuccessFactors and have the SSO between your subaccount in SAP BTP and your SAP SuccessFactors system.
See Configure the Subaccount as a Trusted Service Provider in SAP SuccessFactors.
-
In the SAP BTP cockpit, navigate to <your_Cloud Foundry_space> > Applications, and then choose the approuter-task-management link to go to the Overview page of the application.
-
On the approuter-task-management - Overview page, choose the URL in the Application Routes screen area to open the application in your browser.
Alternatively, copy and paste this URL from routes property in a browser from cf CLI when execute the command:
cf app approuter-task-management
Copyright 2021 SAP SE or an SAP affiliate company and task-management-sample-app-sfsf-solutions contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.