Why Admin access to MDF OData API in SuccessFactors for ISC integration

Identity Security Cloud (ISC) ISC Discussion and Questions
, , ,
1

According to the SuccessFactors connector documentation in ISC, the prerequisite is to provide the following elevated access in SuccessFactors for a successful integration.

To perform connection tasks, you must have the following permissions:

  1. Meta Data Framework - Admin access to MDF OData API
  2. Manage Integration Tools- Manage OAuth2 Client Application

There are concerns regarding SailPoint’s requirement for elevated access - specifically, providing admin rights to the MDF framework in SuccessFactors. Any clarity on which actions SailPoint performs with this access? which SuccessFactors APIs the connector invokes? Do we have this documentation available in SP or SP portal?

Any insights is appreciated. Thanks in advance

-Shree

2

Hello,

Did some searching and found that the permission is required because the SailPoint connector retrieves metadata and configuration objects stored in the SuccessFactors Metadata Framework (MDF) using the OData API.

The SailPoint SuccessFactors connector uses the following APIs:

API Purpose
SuccessFactors OData API (v2) Read HR objects such as User, EmpJob, EmpEmployment
MDF OData API Read metadata, picklists, and custom objects
Employee Central APIs Retrieve employment and job data
OAuth 2.0 endpoint Authentication for the integration

The MDF Admin permission is required primarily for metadata and object discovery, not for administrative configuration changes.