This change improves API support for customers. The SuccessFactors Learning OAuth token server uses HTTP basic authentication (Client ID and Secret) for token requests compared to more secure SAML Assertion Based token request or OpenID Connect (OIDC) protocol.
The transition is mandatory and impacts all customers and partners using the Learning Token Server for API authentication (User/Admin). Integrations that are not migrated will stop working once the Learning Token authentication function is deleted.
Who is impacted?
If you are calling a Learning public API to integrate with a 3rd party application, or using one of the following solution:
- BI reports or dashboard calling LMS public APIs
- OCN (in LMS admin > System Admin > Configuration > System Configuration > OPEN CONTENT NETWORK)
- SAP Workzone and Learning integration
- MS Viva
- Partner Extract (in LMS administration > System Administration > Configuration > System Configuration > PARTNER_EXTRACT)
When will this change become effective?
The deprecation date has been pushed out by a year, we will update our What's New View topic with the new dates shortly.
| Learning Token Server deleted | 2H 2027 release |
| Validated customers experience enforcement | 1H 2028 release |
Customers must transition to one of the supported alternative solution:
- OAuth 2.0 (Platform /BizX Token Server)
- IAS OpenID Connect (OIDC) (target state)
What should I do next?
STEP 1: Identify impacted integrations
Take stock of your integrations and the authentication solution used.
If you don't use Learning Public APIs directly or for integrating 3rd parties then this change will have no impact on your activities and you are not required to take action.
STEP 2: Choosing Between OAuth 2.0 and OIDC
There are 2 options available to transition, ***IMPORTANT*** SAP cannot mandate which one is best suited for your needs/requirements or how it should be set-up for your integrations.
This blog intends to give you enough information to start planning for the change and an overview of a basic set-up for each method.
It is important to note that – eventually, OIDC will be the single solution for SF authentication and therefore, if there are no feature gaps or restrictions on your end this is the solution you should aim to adopt in order to save another transition down the line.
| Topic | OAuth 2.0 | OIDC Token |
| Strategic direction | Target solution | |
|
Use when |
|
your SAP SuccessFactors Platform instance is already integrated with IAS. |
| Security model | SAML assertion + OAuth 2.0 | Modern OAuth 2.0 + OIDC |
| Requires BizX user | Yes | Yes |
| Can use Common SF domain APIs | No | Yes, if you move to OIDC you can leverage the common SF API domain instead of the separate LMS domain. |
| Documentation | Authentication Using OAuth 2.0 |
Authentication Using OpenID Connect (OIDC) API Authentication with IAS as token provider using OIDC protocol |
