Azure AD Configure SAP SuccessFactors - limitation in standard connector

Ahmad Quraishi 1 Reputation point
2020-07-01T16:45:51.77+00:00

Hi All,
For one of our clients, We want to perform User provisioning from SuccessFactors Employee Central into Local Active Directory (AD) and Azure AD, with write-back of the email address to SuccessFactors. This integration is doable using the standard Azure AD connector. There is some limitation using this connector e.g. for write-back option, only email address to SF is available. Questions we have:

1) Can we add additional fields in the write-back option in the SuccessFactors Writeback app available for Azure AD? e.g. not just email address but user id, Business phone, etc. as well. Write back from Azure AD to SF?

2) The Azure AD to SF integration documents suggests that triggers for changes only happen when there is change of name, title, or manager field in SF. Is this so limited? If an employee changes its position, will the trigger not happen?

So far the clients we have worked with have gone with developing a connector using SAP SCP CPI between Azure AD and SF but we would like to use the standard AD Azure connector between SF and AD Aure and there are not examples we can find!

We are following the documents on https://video2.skills-academy.com/en-us/azure/active-directory/saas-apps/sap-successfactors-inbound-provisioning-tutorial#part-4-configure-attribute-mappings

Regards,

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,439 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marilee Turscak-MSFT 36,841 Reputation points Microsoft Employee
    2020-08-06T22:54:10.28+00:00

    1) It looks like it is possible to update the User ID. There is a feedback item in User Voice for this that was updated.

    Here are the steps:

    1) Update the permissions for Workday Integration System User to allow username writeback. Add Get and Put operation support for “Workday Accounts – Domain Security Policy”
    2) Modify the Workday Writeback attribute mapping to map Azure AD userPrincipalName to Workday UserID attribute
    3) Clear current state and run full sync

    Business phone also appears to be possible and the steps for adding that are documented here: https://video2.skills-academy.com/en-us/azure/active-directory/saas-apps/sap-successfactors-writeback-tutorial

    2) The document says, "The Azure AD Provisioning Service runs scheduled synchronizations of identities from SuccessFactors EC and identifies changes that need to be processed for sync with on-premises Active Directory."

    Based on this it should identify any changes and not just the ones you mentioned. Where do you see that it only triggers for name, title, or manager field?

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.