SAP Release Manager

1H 2025 Edit

New Role-Based Permission for Requesting OpenID Connect Tokens for Outbound API Calls

General Availability Info Only Automatically On Impact: Low AI Enriched

Description

We've added a new role-based permission to control access to OpenID Connect (OIDC) token requests for outbound API authentication.See More

Detailed Description

We've added a new role-based permission to control access to OpenID Connect (OIDC) token requests for outbound API authentication. With this update, users with the User Permissions General User Permission Request OpenID Connect Token Request OpenID Connect Token for Outbound API Calls permission can obtain an OIDC token through SAP SuccessFactors. This token is used to authenticate outbound API calls to external applications using Identity Authentication as the Identity Provider.

Impact Assessment

This change affects SAP SuccessFactors implementations by introducing updated behavior or new capabilities. Implementation teams should review the change and assess whether configuration adjustments, user training, or regression testing are required. The impact is expected to be minimal and may not require any action.

Test Recommendations

• Test all API integrations that use the deprecated or updated endpoints to confirm continued operation.
• Validate authentication mechanisms (OAuth, certificates) for API connections after the change.
• Test the updated UI across supported browsers and screen resolutions.
• Verify navigation flows and ensure no broken links or missing UI elements.
• Test authentication flows with the new method (certificate/OAuth) before disabling Basic Auth.

Product: Platform

Modules: Identity and Access Management

Feature: Single Sign-On

Reference: PLT-86030

Version: 1H 2025

Valid as Of: May 16, 2025

Latest Revision: Apr 04, 2025

SAP Documentation

Affected Areas:

Integrations & APIs