SuccessFactos to Microsoft Entra no permissions to query the PerPerson entity

Hristo Patsev 0 Reputation points
2024-04-18T09:25:02.53+00:00

Hello there,

I am trying to connect SuccessFactos as source of truth to Microsoft Entra.

When setting up the provisioning I get this error:
No persons returned from SuccessFactors. Ensure that the account used has sufficient permissions to query the PerPerson entity.

I followed the steps of the official article but it does not mention how the SF needs to be set up to even query the PerPerson entity in first place. I managed to enable the PerPerson entity but in spite of activating all required /and even more/ permissions I can't get over this error.
Any ideas, anyone? Thank you in advance!

https://learn.microsoft.com/en-us/entra/identity/saas-apps/sap-successfactors-inbound-provisioning-cloud-only-tutorial

Regards,
Hristo

Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,521 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Khaled El-Sayed Mohamed 1,150 Reputation points
    2024-04-18T09:40:20.2466667+00:00

    hi,

    if your problem or a part from it related to SAP

    Permissions for Querying PerPerson Entity:

    1. Permissions for Querying PerPerson Entity:

    o The error message indicates that no persons were returned from SuccessFactors, and it suggests checking the permissions for querying the PerPerson entity.

    o To query the PerPerson entity, ensure that the account you’re using has sufficient permissions. Here are some steps to consider:

    1. Role-Based Permissions (RBP):

    o SuccessFactors leverages a security model called Role-Based Permissions (RBP). RBP allows you to restrict and grant access to various parts of the SAP SuccessFactors suite.

    o RBP controls access to applications, including the ability to view and edit data.

    o Permissions are managed through permission roles and permission groups1.

    1. Setting Up Permissions:

    o To enable querying of the PerPerson entity, follow these steps:

     Create a Permission Role: Ensure that you have a permission role that grants access to the PerPerson entity.

     Assign Permissions: Assign the necessary permissions to the role. These permissions should include the ability to query the PerPerson entity.

     Check Tree Security Permissions: Verify that tree security permissions are correctly configured. Note that tree security permissions are not supported by the latest Role-Based Permissions (RBP)2.

     Compensation and MDF Permissions: If applicable, ensure that compensation and MDF (Metadata Framework) permissions are set appropriately2.

    1. Troubleshooting:

    o If you’ve already activated all required permissions and still encounter the error, consider the following:

     Data Blocking Settings: Check if any data blocking settings are affecting the query. Sometimes, specific settings may prevent data retrieval.

     Review Latest Role-Based Permissions: Familiarize yourself with the latest Role-Based Permissions (RBP) experience. SAP encourages users to transition to the new UI look and prepare for the retirement of legacy Role-Based Permissions in future releases2.

    1. Official Documentation:

    o Refer to the official SAP Help Portal for detailed information on the PerPerson entity and Role-Based Permissions34.

    o If necessary, consult your organization’s SAP SuccessFactors administrator or support team for further assistance.

    Remember that permissions play a crucial role in accessing and querying specific entities within SuccessFactors. Double-checking your permissions and understanding the Role-Based Permissions model will help you troubleshoot this issue effectively. If you encounter any specific challenges during the setup, don’t hesitate to seek additional guidance from your organization’s experts. 🌟

    0 comments
  2. Khaled El-Sayed Mohamed 1,150 Reputation points
    2024-04-18T09:45:43.2433333+00:00

    in general

    The error message "No persons returned from SuccessFactors" indicates that the account you're using for provisioning doesn't have the necessary permissions to access employee data in SuccessFactors, specifically the PerPerson entity. Here are some troubleshooting steps you can try:

    1. Double-check Permissions:
    • Review the official Microsoft documentation for user provisioning from SuccessFactors to Entra. It should outline the required SuccessFactors permissions for the provisioning user account.
    • Ensure the account has access to read the PerPerson entity, along with any other relevant entities needed for user provisioning (e.g., groups, departments).
    1. Verify PerPerson Entity Activation:
    • While you mentioned enabling the PerPerson entity, it's worth confirming it's still active. Sometimes configurations can get changed inadvertently.
    1. Review SF User Account:
    • Check if there are any restrictions on the SuccessFactors user account used for provisioning. These might limit data access even with seemingly sufficient permissions.
    1. Test Permissions:
    • Consider using a separate SuccessFactors user account with well-defined permissions to test if it can query the PerPerson entity. This can help isolate if the issue is with the specific user or configuration.

    Additional Resources:

    While I can't provide links directly, searching online for these might be helpful:

    • "[SuccessFactors to Microsoft Entra ID User Provisioning error: PerPerson missing or wrong TenantURL]"
    • "[SuccessFactos to Microsoft Entra no permissions to query the PerPerson entity]"

    If you've tried these steps and are still encountering issues, consider reaching out to Microsoft Entra support or the SuccessFactors community for further assistance. They might have more specific insights into your configuration and can provide tailored troubleshooting steps.The error message "No persons returned from SuccessFactors" indicates that the account you're using for provisioning doesn't have the necessary permissions to access employee data in SuccessFactors, specifically the PerPerson entity. Here are some troubleshooting steps you can try:

    1. Double-check Permissions:
    • Review the official Microsoft documentation for user provisioning from SuccessFactors to Entra. It should outline the required SuccessFactors permissions for the provisioning user account.
    • Ensure the account has access to read the PerPerson entity, along with any other relevant entities needed for user provisioning (e.g., groups, departments).
    1. Verify PerPerson Entity Activation:
    • While you mentioned enabling the PerPerson entity, it's worth confirming it's still active. Sometimes configurations can get changed inadvertently.
    1. Review SF User Account:
    • Check if there are any restrictions on the SuccessFactors user account used for provisioning. These might limit data access even with seemingly sufficient permissions.
    1. Test Permissions:
    • Consider using a separate SuccessFactors user account with well-defined permissions to test if it can query the PerPerson entity. This can help isolate if the issue is with the specific user or configuration.

    Additional Resources:

    While I can't provide links directly, searching online for these might be helpful:

    • "[SuccessFactors to Microsoft Entra ID User Provisioning error: PerPerson missing or wrong TenantURL]"
    • "[SuccessFactos to Microsoft Entra no permissions to query the PerPerson entity]"

    If you've tried these steps and are still encountering issues, consider reaching out to Microsoft Entra support or the SuccessFactors community for further assistance. They might have more specific insights into your configuration and can provide tailored troubleshooting steps.

    0 comments