According to the SuccessFactors connector documentation in ISC, the prerequisite is to provide the following elevated access in SuccessFactors for a successful integration.
To perform connection tasks, you must have the following permissions:
Meta Data Framework - Admin access to MDF OData API
There are concerns regarding SailPoint’s requirement for elevated access - specifically, providing admin rights to the MDF framework in SuccessFactors. Any clarity on which actions SailPoint performs with this access? which SuccessFactors APIs the connector invokes?Do we have this documentation available in SP or SP portal?
Did some searching and found that the permission is required because the SailPoint connector retrieves metadata and configuration objects stored in the SuccessFactors Metadata Framework (MDF) using the OData API.
The SailPoint SuccessFactors connector uses the following APIs:
API
Purpose
SuccessFactors OData API (v2)
Read HR objects such as User, EmpJob, EmpEmployment
MDF OData API
Read metadata, picklists, and custom objects
Employee Central APIs
Retrieve employment and job data
OAuth 2.0 endpoint
Authentication for the integration
The MDF Admin permission is required primarily for metadata and object discovery, not for administrative configuration changes.