Account Aggregation Completed Trigger - Not firing on error, showing success on warning

Ok, I was able to reproduce this in my sandbox in 1/2 scenarios

First, here is the trigger subscription (webhook url obfuscated)

{
        "triggerId": "idn:account-aggregation-completed",
        "httpConfig": {
            "httpDispatchMode": "SYNC",
            "httpAuthenticationType": "NO_AUTH",
            "url": "https://webhook.site/someRandomGUID",
            "basicAuthConfig": null,
            "bearerTokenAuthConfig": null
        },
        "triggerName": "Account Aggregation Completed",
        "description": "",
        "enabled": true,
        "id": "818a547b-8ccc-4b4a-beac-a38cc6ff735c",
        "type": "HTTP",
        "name": "Test Agg"
    }

Warnings showing as success

This is a JDBC source I was testing with, so I changed the accounts query adding a where clause that would result in 0 rows being returned, and thus a deletion of all the accounts. The threshold is currently set at 10%

{
    "SQL": "SELECT LOWER(REPLACE([UserName],'CHKENERGY\\','')) [UserName],[RoleValue] [Role] FROM [WellReadiness].[dbo].[UserSecurity] where UserName = 'definitelyWontMatch' order by UserName"
}

Ran the account aggregation, ended in a warning

image

However, the message sent to the webhook shows a status of Success

{
  "_metadata": {
    "invocationId": "87258fc7-73a3-48c7-a3c4-247d0a8e412d",
    "triggerId": "idn:aggregation-accounts-collected",
    "triggerType": "fireAndForget"
  },
  "completed": "2024-01-12T15:21:27.942933Z",
  "errors": [],
  "source": {
    "id": "2c91808581a6c2b50181b5c0112f2e1a",
    "name": "WellReadiness DB",
    "type": "SOURCE"
  },
  "started": "2024-01-12T15:21:24.412Z",
  "stats": {
    "added": 0,
    "changed": 0,
    "removed": 0,
    "scanned": 0,
    "unchanged": 0
  },
  "status": "Success",
  "warnings": [
    "Account deletion was skipped for WellReadiness DB because the threshold of 23 was exceeded."
  ]
}

Errors not firing

I changed the SQL in the account query once again, this time to have a syntax error

{
"SQL": "SELECT LOWER(REPLACE([UserName],'CHKENERGY\\','')) [UserName],[RoleValue] [Role] FROM [WellReadiness].[dbo].[UserSecurity] where UserName = 'definitelyWontMatch order by UserName"
}

Ran account aggregation, ended in error

image

This time a message was sent to the webhook with an error status

{
  "_metadata": {
    "invocationId": "7baa438c-5f6d-4ecb-9213-9ee33d4bdf7f",
    "triggerId": "idn:aggregation-accounts-collected",
    "triggerType": "fireAndForget"
  },
  "completed": "2024-01-12T15:29:28.174101Z",
  "errors": [
    "[ ConnectorException ] \n [ Error details ] The server encountered an unexpected error while contacting target system. Please check the logs. Unclosed quotation mark after the character string 'definitelyWontMatch order by UserName'."
  ],
  "source": {
    "id": "2c91808581a6c2b50181b5c0112f2e1a",
    "name": "WellReadiness DB",
    "type": "SOURCE"
  },
  "started": "2024-01-12T15:29:24.795Z",
  "stats": {
    "added": 0,
    "changed": 0,
    "removed": 0,
    "scanned": 0,
    "unchanged": 0
  },
  "status": "Error",
  "warnings": []
}

I noticed in my production tenant, the errors on aggregation appeared to be after the data was fetched from the source and the aggregation attempted to make whatever inserts/updates it needed to on the IdentityNow side

{
    "id": 4654893,
    "type": "CLOUD_ACCOUNT_AGGREGATION",
    "status": "ERROR",
    "timestamp": "2024-01-11T17:06:51Z",
    "dateCreated": "2024-01-11T17:06:51Z",
    "details": {
        "name": "Cloud Account Aggregation - 770ae5688a544bbfa914b024ab657397",
        "description": null,
        "messages": {
            "Error": "com.sailpoint.mantisclient.exception.baserestclient.BaseRestClientConnectionFailedException: Unable to execute request to URI https://prd04-useast1-shelby.accessiq.sailpoint.com/sources/fd3a6d24b06242ffad1265c4c95cf6c7/native-change-detection-config"
        },
        "attributes": {
            "eventId": 4654893,
            "clusterCcgBuild": "937",
            "appId": "fd3a6d24b06242ffad1265c4c95cf6c7",
            "optimizedAggregation": "enabled"
        },
        "completed": 1704992930139,
        "id": "4ce8a43601654c03ba965241634d22d5",
        "launched": 1704992810760,
        "status": "Error"
    },
    "user": {
        "alias": "SYSTEM",
        "externalId": "2c9180846d170ded016d888a96eb160d"
    },
    "object": {
        "id": 1851555,
        "externalId": "fd3a6d24b06242ffad1265c4c95cf6c7",
        "type": "source",
        "displayName": "Azure Active Directory - Guests"
    }
}

I was hoping someone from @developer_advocates might weigh in on two questions I have here

  1. The documentation for account-aggregation-completed suggests that an aggregation that ends in a warning due to deletion threshold should have a status of ‘Termination’, however, I’m seeing those come over as ‘Success’
    image

  2. Aggregations that error out on the IdentityNow tenant side do not appear to trigger a message at all. This is problematic because I have an audit control around aggregation failures, and I don’t currently have an adequate explanation of why an aggregation failure would show up in the audit log, but not trigger an incident record to be created. Is this expected behavior?

1 Like