ml-connector
Oracle NetSuiteSAP SuccessFactors

Oracle NetSuite and SAP SuccessFactors integration

Oracle NetSuite runs your finance, procurement, and orders. SAP SuccessFactors runs your HR and compensation. Connecting the two keeps your org chart, employee records, and cost centers aligned across finance and HR. New hires and terminations in SuccessFactors update Oracle NetSuite immediately, and department and cost center changes in Oracle NetSuite propagate to SuccessFactors so compensation allocations land on the right cost centers. ml-connector handles the different auth schemes on each side and syncs the data on a schedule you control.

How Oracle NetSuite works

Oracle NetSuite exposes employees, vendors, departments, cost centers, GL accounts, invoices, purchase orders, and other financial records through SuiteTalk REST API over HTTPS. Authentication uses OAuth 2.0 with client credentials and certificate, or token-based authentication. The base URL is account-specific. Oracle NetSuite supports Event Subscriptions for webhooks on certain record types (Sales Orders, Invoices, Customers, Vendor Bills) but does not provide HMAC signatures; instead IP allowlist and shared secret are used. Polling via SuiteQL is also available for bulk reads. OAuth tokens valid for 60 minutes with no refresh token in the M2M flow.

How SAP SuccessFactors works

SAP SuccessFactors Employee Central exposes employees, jobs, compensation, cost centers, departments, divisions, and organizational data through OData V2 and V4 REST endpoints. Authentication uses OAuth 2.0 with SAML bearer assertion: a private key signs a SAML assertion that is posted for a 24-hour bearer token. Bearer tokens expire in 24 hours and must be refreshed daily. Webhooks are configured in the Admin Center UI, not programmatically, and events like NewHire, Termination, and JobInfoChange carry HMAC-SHA256 signatures. API hostnames vary by datacenter and the default page size is 20 records; queries must explicitly request larger page sizes up to 1000 or records will be silently missed. Mutual TLS is available on newer datacenters. Rate limiting returns HTTP 429 or 503 with no rate-limit headers.

What moves between them

Employee, department, and cost center records flow from Oracle NetSuite to SAP SuccessFactors on a schedule or event trigger. SuccessFactors employee lifecycle events (NewHire, Termination, JobInfoChange, CompensationChange) flow back to Oracle NetSuite to keep employee records current. Org structure and cost center assignments are kept in sync in both directions so that SuccessFactors compensation allocations always reference valid Oracle NetSuite cost centers. Financial records in Oracle NetSuite (invoices, POs, GL accounts) remain read-only on the SuccessFactors side; the integration is designed to sync HR and org data, not financial transactions.

How ml-connector handles it

ml-connector stores both credential sets encrypted. For Oracle NetSuite it uses OAuth 2.0 with the client certificate, refreshing tokens when needed within the 60-minute window. For SAP SuccessFactors it generates and signs a SAML assertion with the private key, posts it daily to obtain a 24-hour bearer token, and stores both the assertion and token. On each pull from SuccessFactors, ml-connector explicitly requests $top=1000 records to avoid silent pagination at the default size of 20. Webhook callbacks from SuccessFactors carry HMAC-SHA256 signatures verified against the shared secret. When SuccessFactors returns HTTP 429 or 503, ml-connector backs off exponentially and retries. Employee records pulled from SuccessFactors are mapped to Oracle NetSuite employee entity fields; department and cost center codes must match exactly or the sync is flagged for manual review. Cost centers are upserted first so that when employee job data arrives, the cost center references are valid. Every record carries an audit trail and can be replayed if a downstream upsert fails.

A real-world example

A mid-sized services firm runs Oracle NetSuite for finance, procurement, and project costing. It uses SAP SuccessFactors for HR, compensation, and benefits. Before the integration, the finance team received monthly spreadsheets of new hires and departures from HR and manually updated Oracle NetSuite employee records and cost center assignments, often with lags that caused month-end reconciliations to stall. With Oracle NetSuite and SAP SuccessFactors connected, each new hire in SuccessFactors automatically creates an employee record in Oracle NetSuite and assigns the correct cost center for project billing. Terminations flow back immediately. Compensation changes in SuccessFactors are logged for audit so that when project labor is billed, the cost allocation is complete and reconciliation begins with data already aligned.

What you can do

  • Sync new hires, terminations, and job changes from SAP SuccessFactors into Oracle NetSuite employee records automatically.
  • Keep department and cost center assignments aligned between Oracle NetSuite and SAP SuccessFactors so compensation allocates to valid GL cost centers.
  • Handle OAuth 2.0 with client certificate on the Oracle NetSuite side and SAML bearer token assertion on the SAP SuccessFactors side.
  • Manage SuccessFactors page size and rate-limit throttling (HTTP 429/503) with exponential backoff and retry.
  • Carry a full audit trail on every employee, department, and cost center record and replay failed upserts.

Questions

In which direction do employee and department records flow between Oracle NetSuite and SAP SuccessFactors?
Employees, departments, and cost centers flow from Oracle NetSuite into SAP SuccessFactors to keep org structure aligned. Employee lifecycle events (hire, termination, job change) flow back from SuccessFactors into Oracle NetSuite to keep employee records current. Compensation changes are logged in Oracle NetSuite for audit. Financial records in Oracle NetSuite remain read-only on the SuccessFactors side.
How does ml-connector handle the different authentication schemes on each system?
Oracle NetSuite uses OAuth 2.0 with a client certificate; ml-connector stores the certificate encrypted and refreshes tokens within the 60-minute window. SAP SuccessFactors uses OAuth 2.0 with SAML bearer assertion; ml-connector generates and signs a SAML assertion daily with the private key to obtain a 24-hour bearer token. Both tokens are stored encrypted per customer.
What happens if SAP SuccessFactors returns a rate-limit error or Oracle NetSuite webhook delivery fails?
ml-connector detects HTTP 429 and 503 responses from SuccessFactors and backs off exponentially before retrying. Failed webhook deliveries from Oracle NetSuite or failed upserts into SuccessFactors are logged with full detail and can be replayed manually or on a retry schedule tied to your sync frequency.

Related integrations

More Oracle NetSuite integrations

Oracle NetSuite and Adobe CommerceOracle NetSuite and ADPOracle NetSuite and AdyenOracle NetSuite and AirbaseOracle NetSuite and Amazon Seller CentralOracle NetSuite and AnaplanOracle NetSuite and SAP AribaOracle NetSuite and AsanaOracle NetSuite and AvalaraOracle NetSuite and AvidXchangeOracle NetSuite and BambooHROracle NetSuite and Basware

Other systems that connect to SAP SuccessFactors

Acumatica and SAP SuccessFactorsDATEV and SAP SuccessFactorsDeltek and SAP SuccessFactorsMicrosoft Dynamics 365 Business Central and SAP SuccessFactorsMicrosoft Dynamics 365 F&O and SAP SuccessFactorsMicrosoft Dynamics GP and SAP SuccessFactorsMicrosoft Dynamics NAV and SAP SuccessFactorsEpicor Kinetic and SAP SuccessFactorsExact Online and SAP SuccessFactorsFreshBooks and SAP SuccessFactorsIFS Cloud and SAP SuccessFactorsInfor CloudSuite and SAP SuccessFactors

Connect Oracle NetSuite and SAP SuccessFactors

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started