Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Assigning permissions to the SuccessFactors API User

To restrict the access of the API user to only the required APIs perform the following steps:

  • Login to the SuccessFactors UI

  • Click 'Admin Center'

  • Under Tools search for permissions and click 'Manage Permission Groups'

  • Create a new Group called PowerConnect

  • Assign the API user to the PowerConnect Group

...

  • After creating the group go to 'Manage Permission Roles'

...

  • Create a new role called PowerConnect

  • Add the required roles for each API

    • For ODATA Audit Log access check ‘Access to OData API Audit Log’

      image-20240229-040700.pngImage Added

    • For EMEvent access check ‘Read Execution Manager Events’ and ‘Read Execution Manager Event Payload or Event Report’:

      image-20240229-040747.pngImage Added
    • For Payroll related APIs check ‘View - Data Replication Configuration’ ‘View - Data Replication Proxy’ ‘View Current, View History - Employee Payroll Run Results’ ‘View - Employee Payroll Run Results.employeeRunResultsItems’ :

      image-20240229-041007.pngImage Added
  • For Replication related APIs check ‘Employee Central Foundation OData API (read-only), Employee Central HRIS OData API (read-only), Employee Central Compound Employee API (restricted access), Admin access to MDF OData API, Access to Data Replication Monitor

    Mass Export from Data Replication Monitor’

    image-20240925-042644.pngImage Addedimage-20240925-042901.pngImage Added

    image-20240925-043100.pngImage Added

  • Click ‘Grant this role to…’

...

  • Choose the PowerConnect Group

...

  • Click 'Done'

Creating an OAuth 2.0 Token flow

  • Login to the SuccessFactors UI

  • Click 'Admin Center'

  • Under Tools search for oauth and click 'Manage OAuth2 Client Applications' > Select 'Register Client Application'

  • Under Application Name use powerconnect (or some recognisable name)

  • Under Application URL use any valid url e.g. https://www.powerconnect.io

...

  • Optionally tick the Bind to Technical User and enter the api username in the text box (otherwise default is sfadmin)

  • Click “Generate X.509 Certificate”

  • Enter the “Common Name (CN)” (e.g. powerconnect). Leave the rest of the fields blank:

  • Click Generate. The X.509 Certificate field will now be populated:

...