Skip to main content
All CollectionsGetting StartedOnboarding Integrations
SAP SuccessFactors Integration Instructions – Onboarding
SAP SuccessFactors Integration Instructions – Onboarding
Tony Gump avatar
Written by Tony Gump
Updated over a month ago

Scope of Work

This guide will help you integrate Grayscale with SAP SuccessFactors for seamless SMS communication within our Onboarding module.


Integration Steps

    1. API Server URL

    2. SAP SuccessFactors Username

    3. Company ID

    4. Client ID

    5. Client Secret​


1. Assign Permissions to the Integration User


To ensure Grayscale has access to the required data, assign specific permissions to the integration user in SAP SuccessFactors. You can either create a new user or if you already have a Grayscale Integration User you can add the permissions there.

  1. Create or Select a Role:

    • Go to Admin Center > Manage Permission Roles.

    • Create a new role (e.g., “Grayscale Integration”) or select an existing one.

  2. Assign Permissions: Within the role go to Permissions and locate the permissions under their respective categories as outlined below.

  • User Permissions:

    • Onboarding or Offboarding Object Permissions:

      • Select All (View & Import/Export)

  • Admin Permissions:

    • Employee Central API:

      • Employee Central Foundation OData API (read only)

      • Employee Central HRIS OData API (read only)

  • Metadata Framework:

    • Admin Access to MDF OData API

  • Onboarding or Offboarding Admin Object Permissions:

    • Select All (View & Import/Export)

  • Manage User:

    • Employee Export

  • Manage Integration Tools:

    • Access to OData API Data Dictionary

    • OData API Todo Export

Note: The API role should have 2 role assignments, Target populations needed:

  • All (Employees)

  • All (External Onboarding User)


2. Gather Integration Values


We'll need the following items to connect the integration.

  • API Server URL

  • SAP SuccessFactors Username

  • Company ID

  • Client ID

  • Client Secret

  1. API Server URL:

  2. SAP Username:

    • You can find this under Manage Roles in the Admin center

  3. Company ID:

    • This can be found in your SAP SuccessFactors profile settings under Show version information.

    • You can also find your SAP SuccessFactors company ID as part of your login URL, which is also sent to you in your SAP SuccessFactors welcome email (under "Company Link" - see image below)

  4. Client ID and 5. Client Secret

  1. Log into your SAP instance.

  2. Search Manage OAuth2 Client Applications in the search bar

  3. Click Register Client Application

  4. Fill out Application Name (Grayscale) & Application URL (https://app.gograyscale.com) and click Generate X.509 Certificate

  5. Fill out Common Name (Grayscale) and hit Generate.

  6. Once the screen refreshes, click Download.

    1. This will download a file called Certificate.pem.

  7. Click Register.

    1. You will now see your application listed. Click View.

    2. You will now see an API key listed - this is your Client ID.

  8. Open up the "Certificate.pem" file that you downloaded previously in a text editor.

    1. Rename the Certificate.pem to Certificate.txt and double click to open

    2. Copy the string between ——BEGIN ENCRYPTED PRIVATE KEY——- and —-END ENCRYPTED PRIVATE KEY——- this is your Client Secret


Troubleshooting

Sometimes, in order to get the above permissions and authentication adjustments to take effect, there’s a need for an “OData Metadata Refresh”.

  1. Log into SuccessFactors

    1. Search for refresh and select Refresh under OData API Metadata Refresh and Export?

  2. If your organization's API has IP access restrictions in place, then an admin will need to allow our servers to speak to the SAP API. Do so by adding the values outlined in this SAP documentation.

  3. To add the Grayscale IP Addresses:

    1. In SuccessFactors, search and select Password & Login Policy

    2. Click Set API Login Exceptions and expand it to find the Grayscale Admin User

    3. Click on the Pencil Icon to Edit

    4. Paste in these Comma-delimited IP Addresses:

      1. 44.194.126.11

      2. 44.194.4.0

      3. 3.232.227.174

      4. 3.214.125.237

      5. 54.158.121.71

      6. 44.193.163.62

  4. Click Save and Close

Did this answer your question?