Nakisa Hanelly data integration with SAP SuccessFactors and the transition to OAuth2
Nakisa Hanelly focuses on providing end to end organization analysis and design solutions that empower HR and business leaders to make timely and informed decisions based on data—and to ultimately build an agile organization that supports the strategic goals of their company.
An important component of this spectrum of solutions and products are the connectors that Nakisa provides out of the box to integrate with various HCM and financial systems, to securely and efficiently bring relevant data to Nakisa’s HCM core.
Data integration and data migration at the enterprise scale is often complex, labor intensive and prone to security and data privacy concerns and challenges. Nakisa however, has a very focused and streamlined solution that has been developed, tested and perfected. It is backed by over two decades of experience in the field.
Sunsetting Basic Auth and replacing it with OAuth2
One of the systems that Nakisa Hanelly integrates with to securely and reliably collect relevant data from is SAP SuccessFactors.
SAP SuccessFactors is a modern SAAS HCM system with various modules that support employee journey and organization management.
The Hanelly-SuccessFactors bi-directional data integration is done via an authenticated connection over Secured HTTP (https) with an optional but highly recommended IP restriction.
To authenticate access to its APIs, both SFAPI and OData API, SuccessFactors used a method called Basic Auth. This method uses a username-password-company code combination paired with IP restriction to confirm legitimacy of the source of calls made to either query data or update data via API.
Last year SAP announced that it will stop further development of Basic Auth method to develop and further improve a newer authentication technology based on a more modern protocol called OAuth2. SAP also announced that by end of 2022, it intends to sunset Basic Auth.
Nakisa has also been preparing for this transition by designing and implementing the underlining components. It will roll out the final solution by mid-2022 to provide ample time to its customers to switch to this new method for their SAP SuccessFactors data integration. On the customer side, the effort will be minimal with a simple one-time re-configuration re-establishment of the connection between Nakisa Hanelly and SuccessFactors.
What is OAuth2
So, what is OAuth2 and how does it work? OAuth2 is a framework that allows applications to authenticate with a host application while requiring a minimum exchange of information: a token. Because this method does not require a password exchange, it provides more control and flexibility in granting or revoking access to one application, with zero impact on other applications. This is the preferred method for applications to integrate via API.
There are two parts to this:
- Register the client application, in this case Nakisa SuccessFactors Connector, with the host application, in this case SAP SuccessFactors. In this step, a certificate is generated (by the client), and its public key is shared with the host application. This is a one-time set up step.
- The connection and request to query or update data. This step repeats every time there is data exchange via API; in our case, OData API.
- Connection is initiated by the client application contacting the host, identifying itself and receiving a token.
- The client then contacts the authorization service of the host and provides the token that it previously received from the host’s user services. In return, after its authorization is reviewed and confirmed, client receives another key, assertion key.
- Client then uses this assertion key to contact the resource service and submit requests to query or update data. These requests are then fulfilled within the boundaries of the client’s assertion key.
Below is a diagram illustrating these steps.
For more information, please reach out to your account manager.
The Nakisa Team