The SuccessFactors integration is a read-only, nightly sync of your employee directory information into the Together Platform. We do not push back any data into SAP.

Registering Your OAuth2 Client Application

  1. Log into your instance as an administrator.

  2. Go to Admin Center > API Center > OAuth Configuration for OData and choose Register Client Application. You can also access the tool by searching Manage OAuth2 Client Applications in Action Search.

  3. On the new OAuth client registration screen, enter the following information:



Application Name

Together Integration

Application URL


4. Click on "Generate x.509 Certificate"

5. Enter for the Common Name(CN) and click Generate

6. You will then return to the previous menu with a X.509 Certificate. Click on "Download" in order to save the private part of the certificate that you will later be sharing with us. It is required to download the certificate now since SuccessFactors does not store this part of the certificate.

7. Click on Register.

8. You will return to the recently created "OAuth Client Application" by clicking 'view' to access the Company and API Key. Please take note of these values, since you will need to share them with us later.


Create an Integration User

Together with the app details, we’ll need a technical user who will be used to make the OData API requests to SuccessFactors. This user needs to have permission to make these kinds of requests and to access the employee data we want to import.

  1. Create a new user for this purpose through the Add New Employee wizard. Note the ID of this user for later.

  2. Now return to the Admin Center and click on Manage Employees > Set User Permissions > Manage Permission Groups.

  3. Click “Create New” to make a new Permission Group. Name the permission group “Together Integration Permission Group” and assign it to the user we created earlier.

  4. Access the Permission Role List menu by searching for "Permission Role List". Click "Create New". This will take us into the "Permission Role Detail", where you can provide a role name and description.

Here we are going to add the permission required by the integration user for communicating with SAP SF in the way we expect. The permissions required are:

  • EmpEmployment

  • photo

  • jobInfo

  • user

  • person

Grant this role to the group we previously created containing the user. Go to section 3 and click "Add". Select the permission group by clicking “Select...”

Click on Save Changes

Integration Self-Serve 

Head to Admin > Settings > Integrations SuccessFactors

Enter the following information into the Self-Serve window including the email of the integration owner:

  • Client ID – API key from the OAuth app

  • User ID – ID of the technical user to make the token request.

  • Private key – The private key of the certificate added or generated for the integration app previously subscribed in SAP SF.

  • Company ID – Company ID that represents the company in SAP SF.

  • Base URL – URL for the SAP instance (e.g.,

Screenshot 2023-09-27 at 4.36.30 PM.png

Click the Submit button to begin testing your configuration and process the sync.




Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.