🧩 How to sync profile pictures from SuccessFactors to Entra with PowerShell

Is this honest work?

Today's subject - integration.

Not the fancy, consultant-style integration that's super expensive and has a measurable ROI for your business, but the quiet, grounded sort where someone might say "that's neat".

This isn't a script that I'm pulling out of my own archives, that I don't understand anymore and that never delivered any value. This runs in production every day, solid as a rock, and I rarely have to touch it.

But it's also not something that I came up with. It was developed by an infrastructure team I was part of, and I've extended it to meet my own requirements and style over time (more on that later).

So here we go:

🔨 The breakdown

So the first thing you'll notice from that script is that I went a little stupid with input validation and error checking for the first half.

We've got parameter validation specifically designed for Entra app registration credentials (you're welcome to steal those, they might be the only part I reuse).

We've got guard clauses left and right to check that variables exist, and even more guard clauses to make sure we can import the Graph modules.

There's a simple little .env file loading mechanism (also welcome to steal, but there will be a full write-up of a better version later).

The logic, however, is simple.

Base64 decode your SuccessFactors API user credentials, then hit that one endpoint using a unique user identifier. (I strongly recommend setting up the SuccessFactors Entra provisioning app from the marketplace: https://learn.microsoft.com/en-us/entra/identity/saas-apps/sap-successfactors-inbound-provisioning-cloud-only-tutorial)

That endpoint will give you a base64 string value for the photo. This is the bit where you'll want to think about whether you're using hosted runners or agents in a DevOps pipeline. We convert that string into a byte array and upload that straight to Entra, sidestepping the `Set-MgUserPhotoContent` cmdlet because that doesn't support MemoryStream anymore.

If you don't save the photo to a file, you don't have to worry about GDPR... or something.

Honestly I'm not sure what, if anything, I'm avoiding by never writing that photo to disk but I sleep better at night knowing they're processed in memory and never saved.

That was however the biggest change I made to the original, because I wanted to run it anywhere without worrying.
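The fetch, decode and upload flow described above, as an added example that is not the script from this post. It assumes the SuccessFactors OData v2 `Photo` entity with `photoType=1`, a Graph session already opened with `Connect-MgGraph`, and two hypothetical environment variables (`SF_API_HOST`, and `SF_BASIC_B64` holding the base64 of `user@company:password`); the function names, the 4 MB cap and the use of `Invoke-MgGraphRequest` for the upload are also assumptions. It adds a magic-byte and size check so that only a real JPEG or PNG leaves the runner.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Added example, not the post's script. Hypothetical names: SF_API_HOST, SF_BASIC_B64,
# ConvertTo-ValidatedPhoto, Sync-SfPhotoToEntra. Assumes Connect-MgGraph has already run.

function ConvertTo-ValidatedPhoto {
    param(
        [Parameter(Mandatory)][string]$Base64,
        [int]$MaxBytes = 4MB   # assumed upper bound for a profile photo
    )
    # Decode in memory only; the photo is never written to disk.
    $bytes = [Convert]::FromBase64String(($Base64 -replace '\s', ''))
    if ($bytes.Length -lt 4 -or $bytes.Length -gt $MaxBytes) {
        throw "Photo size $($bytes.Length) bytes is out of range."
    }
    # Check the file signature so arbitrary data is not pushed into the directory.
    $head = [BitConverter]::ToString($bytes, 0, 4)
    $type = switch -Wildcard ($head) {
        'FF-D8-FF-*'  { 'image/jpeg' }
        '89-50-4E-47' { 'image/png' }
        default       { throw "Unrecognised image header $head." }
    }
    [pscustomobject]@{ Bytes = $bytes; ContentType = $type }
}

function Sync-SfPhotoToEntra {
    param(
        # Restrict both identifiers so they cannot alter the OData key or the Graph URI.
        [Parameter(Mandatory)][ValidatePattern('^[\w.@-]+$')][string]$SfUserId,
        [Parameter(Mandatory)][ValidatePattern('^[\w.@-]+$')][string]$EntraUserId
    )
    $sfUri = "https://$($env:SF_API_HOST)/odata/v2/Photo(photoType=1,userId='$SfUserId')" +
             '?$format=json&$select=photo'
    $headers = @{ Authorization = "Basic $($env:SF_BASIC_B64)"; Accept = 'application/json' }
    $resp = Invoke-RestMethod -Method Get -Uri $sfUri -Headers $headers

    if (-not $resp.d.photo) {
        Write-Warning "No photo returned for $SfUserId; skipping."
        return
    }
    $photo = ConvertTo-ValidatedPhoto -Base64 $resp.d.photo

    # Upload the byte array directly instead of calling Set-MgUserPhotoContent.
    $graphUri = "https://graph.microsoft.com/v1.0/users/$EntraUserId/photo/" + '$value'
    Invoke-MgGraphRequest -Method PUT -Uri $graphUri -Body $photo.Bytes -ContentType $photo.ContentType
}
```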

🧑‍🎓 The end

In conclusion, it's not exactly rocket science. I do more error checking than I need to, and I don't spend time trying to determine if a photo needs to be overridden or not, since I don't run this on thousands of accounts yet and just run it once a day.