Implementing Security Features in SAP SuccessFactors

Objective

After completing this lesson, you will be able to implementing Security Features for SAP SuccessFactors

Security Center

Security Center allows you to create and manage keys, certificates and configurations that can be used in integrations. All the permissions can be granted in RBP, on the Manage Security Center category.

You can access the Security Center from the Admin Center, and it provides a dashboard that has the following tiles:

PGP File Encryption Keys. Import a PGP Public Key to encrypt files generated using SFTP Outbound Integrations. More information https://help.sap.com/docs/successfactors-platform/using-security-center/importing-pgp-file-encryption-key
OAuth Configurations. Configure OAuth 2.0 configurations for outbound connections to other systems. More information https://help.sap.com/docs/successfactors-platform/using-security-center/creating-oauth-configurations
X509 Certificates. Generate and download X509 certificates for OAuth with SAML and mTLS authentication. More information https://help.sap.com/docs/successfactors-platform/using-security-center/generating-x509-certificates
Other Keys - Generate and download keys for file decryption, file signing and SFTP server authentication. More information https://help.sap.com/docs/successfactors-platform/using-security-center/generating-other-keys
HTTPS Trust Certificates - Pull certificates from servers or upload Root CA certificates to establish client-server trust. More information https://help.sap.com/docs/successfactors-platform/using-security-center/uploading-server-certificates and https://help.sap.com/docs/successfactors-platform/using-security-center/uploading-root-ca-certificates
Destination Settings - Maintain SFTP and REST destination settings for Outbound Integrations. More information https://help.sap.com/docs/successfactors-platform/using-security-center/creating-sftp-destination-settings and https://help.sap.com/docs/successfactors-platform/using-security-center/creating-rest-destination-settings
LinkedIn Account Setup. Create customer LinkedIn accounts and select LinkedIn integrations. More information https://help.sap.com/docs/successfactors-platform/using-security-center/setting-up-linkedin-account
X.509 Public Certificate Mapping. Register your X.509 public certificate for mTLS authentication.

SAP SuccessFactors Security Recommendations

The following table shows some of the Security Recommendations in SAP SuccessFactors.

HCM Suite Security Recommendations

Topic	Default Setting	Recommendation
Access Control	The Content Security Policy protects your system from attacks including Cross Site Scripting and data injection.	Enable the Content Security Policy in Provisioning. More information Enabling Content Security Policy Header
Access Control	With the password detection enabled, any page whose request URL or Location response header contains a password will be reported.	Enable password detection in URLs in Provisioning. More information Enabling Password Detection in URLs
Access Control	The Clickjacking Filter prevents clickjacking attacks and protect your confidential information.	Enable the Clickjacking Filter in Provisioning. More information Clickjacking Filter
Identities	With this setting enabled, we are restricting multiple sessions and will prompt a user to log out of other sessions before they start a new session.	Enable the option to restrict Concurrent Sessions in Provisioning. More information (requires log in to SAP for Me):2524768 - Restrict Concurrent BizX Sessions
Security Scan of User Inputs	With the user input security scans enabled, content that is detected harmful is filtered or cannot be saved. For systems created from July 2023, this setting is enabled by default.	Enable the option Security Scan of User Inputs in Application Security Feature Settings if your system was created before July 2023 or it was cloned from a system created before that time.
Sanitize All Rich Text Inputs	With this feature enabled, user inputs generated through rich text editors are sanitized and potentially harmful content is removed. For systems created from July 2023, this setting is enabled by default.	Enable the option Sanitize All Rich Text Inputs in Application Security Feature Settings if your system was created before July 2023 or it was cloned from a system created before that time.
Set up strong password policy	You can configure user management-related password and login policy settings for your company by using the Password & Login Policy Settings admin tool.	Review the Password & Login Policy Settings to set up strong password policy.
Enable API Audit Logs	Enable API audit logs in API Center so you can view and download API transaction history for troubleshooting API issues.	More information Enabling API Audit Logs
Enable interstitial pages for external redirection.	With interstitials enabled, when users try to open an external link from the SAP SuccessFactors application, they are notified of the potential risk and asked to confirm or cancel their action.	Enable interstitial pages for external redirection in Provisioning. Enabling Interstitial Pages for External Redirection

Hint

More information about module-specific recommendations, can be found in the guide Implementing Security Features for SAP SuccessFactors

Summary

Some of the key takeaways for this lesson are:

The Security Center allows administrators to create and manage keys, certifications and configurations that can be used in integration. Some of the available tiles are PGP File Encryption Keys, OAuth Confiugrations or X509 Certificates.
There are some security recommendations in SAP SuccessFactors available for access control, identity, security scan of user inputs or set up a strong password policy.

Continue to quiz