Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure SuccessFactors Encryption

Skyhigh CASB encryption supports the users to encrypt the fields in the Employee profile module of SuccessFactors and protect the sensitive data being shared with the external users. The encryption of fields via Bring Your Own Key (BYOK) supports the Key Management Interoperability Protocol (KMIP).

Let's say you have an employee profile on SuccessFactors and you want to hide the contact information such as name and phone number on that portal for data privacy. To prevent exposing these fields to external users, you need to encrypt the fields in Skyhigh CASB.


Before configuring SuccessFactors Encryption, work with Skyhigh CASB Professional Services to enable SuccessFactors Reverse Proxy (RP) for your Skyhigh CASB tenant.

To see if SuccessFactors is configured, go to Settings > Service Management. Under Services, you should see SuccessFactors as a managed service:

Configure SuccessFactors Encryption

Once SuccessFactors has been enabled, you can set up encryption options.

To configure SuccessFactors Encryption:

  1. Login to Skyhigh CASB.
  2. Go to Policy > Encryption Policy. You are redirected to the Encryption Policy for All Services page.
  3. Locate and click the SuccessFactors managed service.
  4. The Encryption Policies screen is displayed. Under Schema, click the SuccessFactors Object you want to edit.
  5. Select the SuccessFactors fields you want to encrypt, and then select the Encryption Type as Line-oriented Searchable Encryption from the menu.
  6. To deploy the changes, click Deploy. 
  7. A deployment verification window pops up, asking you to confirm all changes being applied. Review the changes and click Deploy.
    Once deployed, you can view the message as Deployment successful.
  8. On the SuccessFactors Employee profile portal, you can view the encrypted fields:
  • Was this article helpful?