SPF(supported) / (dedicated subdomain)
DKIM(recommended)



This article covers the SPF and DKIM authentication processes for SAP SuccessFactors and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.



TABLE OF CONTENTS





Configuring DKIM authentication for your SAP SuccessFactors emails


SPF is enabled by default & you can contact your internal mail administrator to enable SPF record (See KBA 2087468).

For DKIM, Please reach out to SAP Cloud Support team (under component LOD-SF-PLT-SEC) with the following information provided:


  • Company ID
  • Datacenter
  • Your mail domain details;

(Provide a full list of the email domains used by users - there may be more than one).

e.g. @testcompany.com and @testcompany.org.



Note: The DKIM or SPF enablement is done on a data center level. This means that separate requests would only be needed for instances using different domains or same domain on an instance which is hosted on a different data center. Also,  the domain is checked by the operations team before being added to SPF/DKIM, to ensure that it is from the respective customer and that the domain of one customer cannot be used by another customer.



You can also find the instructions on how to set up DKIM and SPF for SAP SuccessFactors, here.






Add a SAP SuccessFactors DKIM key in Enforce


1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.


    a. Scroll down and add the DKIM key in your configuration, by clicking on Add a DKIM key

    b. Enter the selector name, the DKIM TXT value (the actual value is the entire string after the p= tag), associate the key with SAP SuccessFactors and then click Add.

a screenshot of a computer


You can find more detailed information on how to add a DKIM key in Valimail Enforce here. 






Configuring SPF authentication for your SAP SuccessFactors emails


Once you establish that SAP SuccessFactors is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.


1. Please go to your domain's Configuration page in Enforce.

2. Click on the + sign from the Enabled Senders section:


a screenshot of a email


3. Choose SAP SuccessFactors from the list of configurable senders and then click Enable:


a screenshot of a computer


We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.






As always, if you have any questions, please don't hesitate to submit a ticket.