# SAP SuccessFactors connector The Success Factors: User Attributes connector imports user attributes into Nexthink from SAP SuccessFactors using the [User Management API](https://api.sap.com/api/PLTUserManagement/resource/get_User). This connector allows you to enrich custom fields on the `User` object in Nexthink, enabling advanced targeting and personalization within Nexthink Adopt. Use this connector to import custom user attributes such as role, department or location. The connector supports only Basic authentication methods. ## Prerequisites Before configuring the Success Factors: User Attributes ensure you: * Configure the authentication in SAP SuccessFactors. * Configure connector credentials in Nexthink. Refer to the [Nexthink connector credentials](https://docs.nexthink.com/platform/latest/administration/connector-credentials) documentation for more information ## Creating a certificate in the Nexthink interface Before creating the OAuth 2.0 client application in SAP SuccessFactors, create a certificate in Nexthink. 1. In the Nexthink web interface, go to **Administration > Connector credentials**. 2. Click **New credential**. 3. Fill in the following fields: * **Name:** Enter a meaningful name. For example, *SAP SuccessFactors OAuth 2.0 – SAML*. * **Protocol:** Select **Hypertext Transfer Protocol Secure (HTTPS)**. * **URL address:** Enter your SAP SuccessFactors URL (provided by your tenant). * **Authorization:** Select **OAuth 2.0 – SAML**. 4. Save the credential. The **Certificate successfully created** modal appears. 5. Copy the certificate value. Use this certificate when registering the OAuth 2.0 Client Application in SAP SuccessFactors. ## Configuring authentication in SAP SuccessFactors To integrate **SAP SuccessFactors** with Nexthink, configure connector credentials using one of the following authentication methods: * Basic Authentication. Refer to the official [HTTP Basic Authentication – SAP SuccessFactors](https://help.sap.com/docs/successfactors-platform/sap-successfactors-api-reference-guide-odata-v2/http-basic-authentication-deprecated) OData API guide for more information. * OAuth 2.0 Authorization. Refer to the official [Authentication Using OAuth 2.0](https://help.sap.com/docs/successfactors-platform/sap-successfactors-api-reference-guide-odata-v2/authentication-using-oauth-2-0?locale=en-US) documentation for more information. When registering the OAuth 2.0 client application in SAP SuccessFactors, use the certificate that was copied after creating the new credential in Nexthink. ## Configuring connector credentials for OAuth 2.0 authentication After registering the OAuth 2.0 client application in SAP SuccessFactors, complete the configuration of your credential in Nexthink. 1. In the Nexthink web interface, go to **Administration > Connector credentials**. 2. Hover over the the relevant credential and click **Edit** (pencil icon). 3. Under **SAML settings**, fill in the following fields with the values provided from your SAP SuccessFactors configuration: * **NameID**: Enter the SAP SuccessFactors User ID of a user who is authorized to access the OAuth 2.0 client application in SAP SuccessFactors. * **Recipient**: Enter the URL of the API server where you request the OAuth token. SuccessFactors generates the access token using the following format:\ `https:///oauth/token`. * Your SuccessFactors data center determines the `` value. Refer to the official [SAP SuccessFactors Data Center URL list](https://help.sap.com/docs/successfactors-platform/sap-successfactors-api-reference-guide-odata-v2/list-of-sap-successfactors-api-servers?locale=en-US) documentation for more information. * **Issuer**: Enter the issuer information for the SAML assertion, for example, `https://www.nexthink.com`. * **Audience**: Enter the audience value for the SAML assertion. Any non-empty value is acceptable, for example, `https://www.successfactors.com`. 4. Under the **SAML attributes**, add a new attribute with: * **Name:** `api_key` * **Value:** Paste the `client_id` API key generated when registering the OAuth 2.0 client application in SAP SuccessFactors. 5. Under the **OAuth token requests,** click **Add token request** for a new entry request: * Entry 1 * **Name:** `client_id` * **Value:** Paste the same `client_id` API key used for the SAML attributes. * Entry 2 * **Name:** `company_id` * **Value:** Enter your SAP SuccessFactors `company_id` value.
## Configuring the Success Factors: User Attributes connector From the Nexthink web interface: 1. Go to **Administration > Inbound connectors**. 2. Click the **New connector** button in the top-right corner. 3. Select **Success Factors: User Attributes** from the connector list.
The **General** tab includes: * **Name**: A meaningful name for the connector. This name appears on the Administration page. * **NQL ID**: A unique identifier for the connector used when referencing the Success Factors: User Attributes connector in NQL queries. You can initially modify the suggested NQL ID, but once you save the connector, you can no longer change the NQL ID. * **Description**: A short description of the purpose and behavior of the connector. * **Scheduling**: * **Recurrence**: Set the execution time and recurrence. Executions start at the scheduled time and distribute over the hour. * **Connection:** * **Credentials**: Select preconfigured credentials from the Connector credentials page. Refer to the [Connector credentials](https://docs.nexthink.com/platform/integrations/outbound-connectors/connector-credentials) documentation for more information. * **URL**: The system automatically populates this URL when you select credentials.
The **Parameters** tab includes: * **Select**: Enter a comma-separated list of fields to import. Be sure to include a unique user identifier, such as an email address or user name. Refer to the official [SAP Business Accelerator Hub](https://api.sap.com/api/PLTUserManagement/resource/get_User) documentation for available fields. * **Expand (optional)**: Include related objects, such as `hr` or `manager`, if needed. * **Filter** **(optional)**: Define a filter clause to restrict the data set. Refer to the official [OData v4 protocol](https://www.odata.org/documentation/) documentation for syntax.
The **Data mapping** tab includes: * **Identification:** Select a field from the API response to be used to identify users. * **Source identifier (JSONata)**: Enter the field name returned by the API response that identifies users. Use [JSONata](https://docs.jsonata.org/overview) if needed to transform the value. Field names containing whitespaces or [JSONata](https://docs.jsonata.org/overview) reserved characters (such as `.`, `+`, `-`, `*`, `/`, `{`, and so on) must be enclosed in backticks (`` ` ``). * **Nexthink identifier**: Select either **UPN**—requires UPN collection via Collector—or **Email address** —requires the Entra ID connector. * **Field Mapping**: Click **Add mapping** to match custom fields defined on the user object. * **Source identifier (JSONata)**: Enter the field name returned by the API response that identifies users. Use [JSONata](https://docs.jsonata.org/overview) if needed to transform the value. Field names containing whitespaces or [JSONata](https://docs.jsonata.org/overview) reserved characters (such as `.`, `+`, `-`, `*`, `/`, `{`, and so on) must be enclosed in backticks (`` ` ``). * **Nexthink field**: Select the custom field to import the value. ## Test results panel {% hint style="info" %} The **Test results** panel is available only for supported connectors. Connector availability also depends on your license. {% endhint %} Use the **Test results** panel on the right side to run the connector with real data on demand, and inspect responses and errors. The test panel helps with faster debugging and validation during setup, and also with more reliable mappings with less trial and error. Select the **Run test** button to call the API, and validate the credentials and check connectivity to the targeted endpoint.
Besides basic information, such as the response status code and time, the panel also shows a sample record of the response at the bottom.
In the event of an error, the system displays the API response to aid in diagnosing the issue.
## Known limitations * The connector cannot process more than 3 million records per sync. * If employees share the same UPN, the UPN-based identification only processes the first 1,000 user records. * User Principal Name (UPN) requires configuration in Collector. * Email address requires the Entra ID (Azure AD) connector. ## Querying execution logs with NQL Using NQL, you can retrieve detailed insights into the execution of the SAP SuccessFactors connector instances by querying the following table: | Field | Type | Description | | ---------------------------------- | ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `time` | `datetime` | Timestamp of the connector execution log entry. | | `status` | `enumeration` |

Execution status:
success: All rows received and processed.
partial: Some rows ignored due to row limit.
failure: Connector could not receive or process data.

| | `details.name` | `string` | Name of the connector instance. | | `details.description` | `string` |

Description of the error(s), if any. Includes descriptions such as:
Too many rows received...
Invalid JSONata expression for field

| | `details.connector` | `string` | Name of the connector template used. | | `details.credentials` | `string` | Label of the credentials used in the instance. | | `details.credentials_id` | `string` | Unique identifier of the credentials. | | `details.nql_id` | `string` | NQL ID of the connector instance. | | `details.number_of_received_rows` | `number` | Total number of rows received from the source. | | `details.number_of_processed_rows` | `number` | Total number of rows processed by the connector—may differ from imported rows. | Run the `platform.inbound_connector_logs` query to retrieve comprehensive logging information about all inbound connector executions. {% hint style="warning" %} To access this table, you must have the **Platform logs** permission enabled in the **Data model visibility**. {% endhint %} ### NQL examples
Retrieve failed imports for the last 24h {% code overflow="wrap" %} ``` platform.inbound_connector_logs during past 24h | where status == failure | list time, details.connector, details.name, details.error_description | sort time desc ``` {% endcode %}
Retrieve imports for the last 24h (including status and number of processed rows) {% code overflow="wrap" %} ``` platform.inbound_connector_logs during past 24h | list time, details.connector, details.name, details.number_of_processed_rows | sort time desc ``` {% endcode %}