Using SAP SuccessFactors Integration Center with file Decryption and Encryption (PGP) – Outbound and Inbound samples

The SAP SuccessFactors Integration Center allow us to build integrations quickly and easily. Two very common scenarios are:

  • exporting CSV file to outbound SFTP destination;
  • importing CSV file from SFTP destination.

We will share sample of how to enhance the security using encryption.

Objective of this blog post:

Our Integration center handbook cover all possible integrations that you can build. In this blog post, we will share three working samples using File Encryption with PGP for outbound and inbound integrations.

Setting the Context:

  • Integration center can be used with SFTP SuccessFactors hosted or SFTP hosted outside SuccessFactors.
    • For customer own SFTP, check more details in this KBA 2395508 – IP addresses to be added into allow list when customer’s own sftp is used with Integration Center.
  • Port 22 is the supported port for SFTP communication. Custom port is not authorized for communication.
  • When sending the sensitive data it is always recommended to encrypt the data at message level.
  • Integration center offers message level encryption using PGP (Pretty Good Privacy) encryption methodology.
  • Encryption can be achieved:
    • through Public key, if the keypair is generated via Admin Center > Security Center.
    • using external softwares to generate PGP key pair.

Should I choose Security center to generate the keypair?
This depends on the scenario /functional context of the integration.

  • Security center in SuccessFactors generates asymmetric keypair (Public and Private keys are different).
  • Only public key can be downloaded from SuccessFactors.
  • Private key can not be downloaded due to security reasons
    • Hence this makes the choice of Security Center invalid for consideration when you want to generate keypair for encryption purpose.

What is the alternative if security center cannot be used to generate the keypair ?
You can contact your local IT team to check which software is approved and can be used to generate the PGP keys. For example purpose we have used “GoAnywhere OpenPGP Studio”.

 

File Encryption Outbound sample using Security center generated key:

Warning: Don’t start doing this process without reading until the end, because we will not be able to decrypt the encrypted CSV file generated outside SuccessFactors.

Open your Admin center > Security Center > Other Keys.

Press “New” button > fill out the details like sample below selecting the Category = Decryption Key (PGP). The name chosen was “Sample_for_Blog” and this will be used later in inbound sample too.

After completing, press the button “Generate and Save“.

Later you will see the button “Download Public Key“, press it and the browser will download one .pub file.

In my sample I can find in my downloads folder the file = “Sample_for_Blog_publicKey.pub

Then you can go to Admin center > Security Center > PGP File Encryption Keys > click on “Import a key”

Later we will be able to see the File Decryption key we just imported under Integration center > Destination Settings > Advanced Settings > File Encryption field, select the option in the dropdown.

Once you run your Integration Center interface and look the folder selected of your integration, we will have one new file created with the .csv.pgp extension.

You can open this file with your TXT software editor, but the content will be encrypted like sample below.

We cannot decrypt this content because we don’t have the Private Key (only SuccessFactors application have it and like mentioned earlier, this cannot be downloaded).

This scenario we just explained only fits in the business use case of exporting files from SuccessFactors to SFTP (outbound) and later on, you have another Integration center process to import the same file again into SuccessFactors (inbound). Like we mentioned earlier, this option might be invalid for you because you might want to decrypt (view data) the file generated outside SF application. Then please consider using the next option described below.

File Encryption Outbound sample using alternative software:

Considering that in the scenario above we could not decrypt the file outside SuccessFactors application due missing Private key, you can use alternative software like “GoAnywhere OpenPGP Studio” to complete this process.

Using this software pressing the “Create” button, one popup will come to fill out details, find below my sample:

After completing, press Create button again.

Then you can use the button “Export Public Key(s)” and generate one .asc file in your computer.

In my sample, I exported the “PGP_Blog_Sample.asc” file.

Then you can go to Admin center > Security Center > PGP File Encryption Keys > click on “Import a key” and select this file.

 

Later we will be able to see the File Decryption key we just imported under Integration center > Destination Settings > Advanced Settings > File Encryption field, select the option in the dropdown.

Once you run your Integration Center interface and look the folder selected of your integration, we will have one new file created with the .csv.pgp extension.

You can open this file with your TXT software editor, but the content will be encrypted like sample below:

How to decrypt? Using the the same software we generated the keys.

Click in the “OpenPGP Tasks” tab.

Select the file in your computer and use the button “Decrypt & Verify“, in the popup, click in “Decrypt”, select the key you created earlier and run. As the result, you can see the file source and destination and if your process was Successful or Failed.

Now going to the destination folder, I can see the file named only “pgp” stored. Opening with some TXT software, I can see the actual data decrypted (dummy data from SF Salesdemo instance).

In that way we could decrypt the file generated by the Integration center using the Public Key we imported earlier. The decrypting process of the file generated by Integration center in our SFTP was  completed with this alternative software outside SuccessFactors application.

 

File Decryption Inbound sample using Security center generated key:

Now let’s consider we are using the same key we created via the 1st step mentioned in this blog (“Security Center > Other Keys”).

You can also use other methods like generating the keys (Public and Private) outside SuccessFactors application in alternative softwares. In this sample we will focus with keys generated by SAP SuccessFactors application.

Going to your Integration center > Source Settings > Advanced Settings > File Decryption field, select the option (same we documented earlier in this blog) in the dropdown.

The file we could not read before (decrypt) in the steps of “File Encryption Outbound sample using Security center key” of this blog post, now it could be decrypted by the Integration center Inbound integration sample according RUN NOW logs below:

This was achieved because the “Sample_for_Blog” Private key is stored inside SuccessFactors application.

Conclusion:

Using the instructions of this blog post, you can set up file encryption and decryption with SuccessFactors Integration Center generated keys or using alternative software too.

Was this article helpful?

Related Articles

Leave A Comment?

You must be logged in to post a comment.