Follow this procedure to set up a target connector for SAP Advanced Workflow.
-
You have technical credentials for SAP Advanced Workflow. Note that SAP Advanced Workflow is available to SAP SuccessFactors Incentive Management customers as an optional add-on. You create an Admin user in SAP SuccessFactors Incentive Management, which is synchronized with SAP Advanced Workflow. For more information, see: Adding an Admin User and Commissions User Synchronization.
-
You have set up SSO between Identity Authentication and SAP Advanced Workflow. For more information, see Integration with SAP IdP.
SAP Advanced Workflow enables you to analyse, organize, and execute business processes to connect people, data, and daily activities. Workflow provides you the tools you need to configure and customize your business processes based on your specific business needs.
After fulfilling the prerequisites, follow the procedure below to add a target system for SAP Advanced Workflow where you can provision users from source systems. This target system consumes Workflow SCIM API.
SAP Advanced Workflow does not support groups.
-
Access the Identity Provisioning UI.
-
Sign in to the administration console of SAP Cloud Identity Services and navigate to Identity Provisioning > Target Systems.
-
Add SAP Advanced Workflow as a target system. For more information, see Add New Systems.
-
Choose the Properties tab to configure the connection settings for your system.
If your tenant is running on SAP BTP, Neo environment, you can create a connectivity destination in your subaccount in the SAP BTP cockpit, and then select it from the Destination Name combo box in your Identity Provisioning User Interface.
If one and the same property exists both in the cockpit and in the Properties tab, the value set in the Properties tab is considered with higher priority.
We recommend that you use the Properties tab. Use a connectivity destination only if you need to reuse one and the same configuration for multiple provisioning systems.
Mandatory Properties
Property Name
Value
TypeEnter: HTTP
URLSpecify the URL to the API of your SAP Advanced Workflow system.
ProxyTypeEnter: Internet
AuthenticationEnter: BasicAuthentication
UserEnter the user for your SAP Advanced Workflow system.
Password(Credential) Enter the password for your SAP Advanced Workflow user.
awf.domainThe domain name is the name of your SAP Advanced Workflow tenant.
If you don't know your tenant name, contact your supervisor or administrator, or refer to the email notification you received when your account was created.
(Optional)
ips.delete.threshold.usersUse this property to control the number of users to be deleted in a target system by defining a threshold. This will prevent you from accidentally deleting a huge number of users, for example by adding a filter or condition.
For more information, see: List of Properties
To learn what additional properties are relevant to this system, see List of Properties. You can use the main search, or filter properties by the Name or System Type columns.
-
(Optional) Configure the transformations.
Transformations are used to map the user attributes from the data model of the source system to the data model of the target system, and the other way around. The Identity Provisioning offers a default transformation for the SAP Advanced Workflow target system, whose settings are displayed under the Transformations tab after saving its initial configuration.
You can change the default transformation mapping rules to reflect your current setup of entities in your SAP Advanced Workflow. For more information, see:
The behavior of the default transformation logic is to map all attributes from the internal SCIM representation to the target entity. If the entity has more than one e-mail addresses, only one of them is used. It is either the e-mail set as primary in the source system, or if no primary e-mail is set, the one that comes first is used.
Default transformation:
{ "user": { "condition": "($.emails EMPTY true) || isValidEmail($.emails[0].value)", "mappings": [ { "sourceVariable": "entityIdTargetSystem", "targetPath": "$.id" }, { "constant": ["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:sap.spm.workflow:2.0:User"], "targetPath": "$.schemas" }, { "sourcePath": "$.userName", "targetPath": "$.userName" }, { "sourcePath": "$.name.givenName", "targetPath": "$.name.givenName", "optional": true }, { "sourcePath": "$.name.middleName", "targetPath": "$.name.middleName", "optional": true }, { "sourcePath": "$.name.familyName", "targetPath": "$.name.familyName", "optional": true }, { "sourcePath": "$.active", "targetPath": "$.active", "optional": true }, { "sourcePath": "$.emails", "targetPath": "$.emails", "preserveArrayWithSingleElement": true, "optional": true }, { "sourcePath": "$.phoneNumbers", "targetPath": "$.phoneNumbers", "preserveArrayWithSingleElement": true, "optional": true }, { "sourcePath": "$.timezone", "targetPath": "$.timezone", "optional": true } ] } } -
Now, add a source system from which to read users. Choose from: Source Systems
- Before starting a provisioning job, you can first subscribe for e-mail notifications from the source system you use in your scenario. This way, you will be notified by e-mail about eventual failed entities during the jobs. For more information, see Manage Job Notifications.
- Now, start an identity provisioning job. For more information, see Monitor Provisioning Job Logs.