Issue during account aggregation for SuccesFactor connector -

bash7 · August 14, 2025, 1:59pm

Sailpoint 8.4p2

Exception DURING account aggregation in TestSuccesFactor.
Cause: Unable to create iterator sailpoint.connector.InsufficientPermissionException:
[ InsufficientPermissionException ] [ Possible suggestions ]
Your permissions and additional picklist values are not completely aligned with recommended practices.
Refer to connector guidelines to set expected values.

[ Error details ]
System aggregated 0 employees.

It seems like the connector is failing due to insufficient permissions or misaligned picklist values. Has anyone experienced a similar problem?
Any guidance on which specific permissions or picklist configurations should be checked for SuccessFactors integration with SailPoint would be greatly appreciated.

Thank you.

daltonherriman · August 14, 2025, 2:18pm

Hey Gedeon,

It seems like you’re on the right track thinking that permissions or picklist values are misaligned. You can find the required permissions for the service account in the documentation for the SAP SuccessFactor connector here: Required Permissions

For example, the required permissions for aggregation:

bash7 · August 14, 2025, 3:20pm

Thanks, Dalton! I can already confirm that this is not related to the picklist values, because the ones I added match exactly what is in the documentation. Thanks for sharing this. However, how can I add the required permissions? Should I add them directly in the application’s XML? I don’t really understand. Thanks.

daltonherriman · August 14, 2025, 3:47pm

You’re granting permissions within SuccessFactors, specifically to a service account that IdentityIQ will use to connect and interact with the SuccessFactors system.

I’d recommend reading through the entire integration documentation here: Connecting SailPoint and SuccessFactors

This is an overview on connecting to SuccessFactors which will help you understand the overall implementation better. After that, go back to the doc I originally linked to you and underneath the heading “Providing Permissions to a Service Account”, you can see an example of how this is done for the “Manage Role Based Permission Access”. Required Permissions

From that doc:
“To perform the group aggregation for the manually added group schema attributes, perform the following steps to provide the Manage Role-Based Permission Access to the service account:

Go to Admin Center and search for Manage Role-Based Permission Access.
Select Add User.
Search through User Name and select the required user.
Select Grant Permission.”

bash7 · August 14, 2025, 5:43pm

Thanks Dalton this is helpful ! I’m on it

vishal_kejriwal1 · August 14, 2025, 10:23pm

Use Postman to test a GET request for an employee to rule out if the issue is with sailpoint or some other issue

vishal_kejriwal1 · August 14, 2025, 10:24pm

Check for custom picklist values in SuccessFactors under:

Admin Center > Picklist Center

Review values for fields such as:

empStatus
employmentType
location
jobClassification

Align picklist values with SailPoint connector expectations:

Use standard codes where possible (A, T, U, etc.)

If using externalCode in picklists, ensure they are not null and match what’s used in the employee records.

bash7 · August 20, 2025, 2:55pm

Hello everyone, thank you for your availability. I’ve done some additional checks.

This bug appears after the upgrade to 8.4p2.

The test I performed was the following:

By testing the same application on another SailPoint environment, the accounts were successfully added after the aggregation.

Here is the error message:
Your permissions and additional picklist values are not completely aligned with recommended practices. Refer to connector guidelines to set expected values. [Error details] System aggregated 0 employees.

According to the documentation, here is the resolution:

Resolution – Your source permissions and additional picklist values are not completely aligned with recommended practices:

Ensure that the service account has all the required permissions.
The Picklist ID value is different from the default values used. To change this value, refer to the Exporting and Verifying the Picklist Values section.
Ensure the picklist values are correct or configured as mentioned in the Picklist Configuration section.

I have performed all 3 tests.

I replaced my picklist values with the expected ones:

<entry key="picklistConfigMap">
    <value>
        <Map>
            <entry key="employeeClassPickList" value="EMPLOYEECLASS"/>
            <entry key="employeeStatusPickList" value="employee-status"/>
            <entry key="employeeTypePicklist" value="employee-type"/>
        </Map>
    </value>
</entry>

But the error message is still the same.

I think the issue is related to the upgrade of SailPoint to 8.4p2, but I still don’t know exactly where the problem comes from.

Topic		Replies	Views
SuccessFactors Single Account Aggregation issue IIQ Discussion and Questions rules , identityiq	8	601	February 4, 2024
SuccessFactors SaaS Connector Error ISC Discussion and Questions saas-connector , aggregation , identity-security-cloud	5	91	July 6, 2025
Integration of SuccessFactor's as a webservice connector to pull the custom attributes using Odata APIs ISC Discussion and Questions aggregation , identity-security-cloud	8	225	October 18, 2024
IDN - Integrating SailPoint with SuccessFactors ISC Discussion and Questions	1	1273	July 19, 2023
Salesforce connector aggregation error, IIQ Discussion and Questions aggregation , identityiq	6	59	December 15, 2024

Issue during account aggregation for SuccesFactor connector -

Sailpoint 8.4p2

Related topics