Ok, I was able to reproduce this in my sandbox in 1/2 scenarios
First, here is the trigger subscription (webhook url obfuscated)
{
"triggerId": "idn:account-aggregation-completed",
"httpConfig": {
"httpDispatchMode": "SYNC",
"httpAuthenticationType": "NO_AUTH",
"url": "https://webhook.site/someRandomGUID",
"basicAuthConfig": null,
"bearerTokenAuthConfig": null
},
"triggerName": "Account Aggregation Completed",
"description": "",
"enabled": true,
"id": "818a547b-8ccc-4b4a-beac-a38cc6ff735c",
"type": "HTTP",
"name": "Test Agg"
}
Warnings showing as success
This is a JDBC source I was testing with, so I changed the accounts query adding a where clause that would result in 0 rows being returned, and thus a deletion of all the accounts. The threshold is currently set at 10%
{
"SQL": "SELECT LOWER(REPLACE([UserName],'CHKENERGY\\','')) [UserName],[RoleValue] [Role] FROM [WellReadiness].[dbo].[UserSecurity] where UserName = 'definitelyWontMatch' order by UserName"
}
Ran the account aggregation, ended in a warning
However, the message sent to the webhook shows a status of Success
{
"_metadata": {
"invocationId": "87258fc7-73a3-48c7-a3c4-247d0a8e412d",
"triggerId": "idn:aggregation-accounts-collected",
"triggerType": "fireAndForget"
},
"completed": "2024-01-12T15:21:27.942933Z",
"errors": [],
"source": {
"id": "2c91808581a6c2b50181b5c0112f2e1a",
"name": "WellReadiness DB",
"type": "SOURCE"
},
"started": "2024-01-12T15:21:24.412Z",
"stats": {
"added": 0,
"changed": 0,
"removed": 0,
"scanned": 0,
"unchanged": 0
},
"status": "Success",
"warnings": [
"Account deletion was skipped for WellReadiness DB because the threshold of 23 was exceeded."
]
}
Errors not firing
I changed the SQL in the account query once again, this time to have a syntax error
{
"SQL": "SELECT LOWER(REPLACE([UserName],'CHKENERGY\\','')) [UserName],[RoleValue] [Role] FROM [WellReadiness].[dbo].[UserSecurity] where UserName = 'definitelyWontMatch order by UserName"
}
Ran account aggregation, ended in error
This time a message was sent to the webhook with an error status
{
"_metadata": {
"invocationId": "7baa438c-5f6d-4ecb-9213-9ee33d4bdf7f",
"triggerId": "idn:aggregation-accounts-collected",
"triggerType": "fireAndForget"
},
"completed": "2024-01-12T15:29:28.174101Z",
"errors": [
"[ ConnectorException ] \n [ Error details ] The server encountered an unexpected error while contacting target system. Please check the logs. Unclosed quotation mark after the character string 'definitelyWontMatch order by UserName'."
],
"source": {
"id": "2c91808581a6c2b50181b5c0112f2e1a",
"name": "WellReadiness DB",
"type": "SOURCE"
},
"started": "2024-01-12T15:29:24.795Z",
"stats": {
"added": 0,
"changed": 0,
"removed": 0,
"scanned": 0,
"unchanged": 0
},
"status": "Error",
"warnings": []
}
I noticed in my production tenant, the errors on aggregation appeared to be after the data was fetched from the source and the aggregation attempted to make whatever inserts/updates it needed to on the IdentityNow side
{
"id": 4654893,
"type": "CLOUD_ACCOUNT_AGGREGATION",
"status": "ERROR",
"timestamp": "2024-01-11T17:06:51Z",
"dateCreated": "2024-01-11T17:06:51Z",
"details": {
"name": "Cloud Account Aggregation - 770ae5688a544bbfa914b024ab657397",
"description": null,
"messages": {
"Error": "com.sailpoint.mantisclient.exception.baserestclient.BaseRestClientConnectionFailedException: Unable to execute request to URI https://prd04-useast1-shelby.accessiq.sailpoint.com/sources/fd3a6d24b06242ffad1265c4c95cf6c7/native-change-detection-config"
},
"attributes": {
"eventId": 4654893,
"clusterCcgBuild": "937",
"appId": "fd3a6d24b06242ffad1265c4c95cf6c7",
"optimizedAggregation": "enabled"
},
"completed": 1704992930139,
"id": "4ce8a43601654c03ba965241634d22d5",
"launched": 1704992810760,
"status": "Error"
},
"user": {
"alias": "SYSTEM",
"externalId": "2c9180846d170ded016d888a96eb160d"
},
"object": {
"id": 1851555,
"externalId": "fd3a6d24b06242ffad1265c4c95cf6c7",
"type": "source",
"displayName": "Azure Active Directory - Guests"
}
}
I was hoping someone from @developer_advocates might weigh in on two questions I have here
-
The documentation for account-aggregation-completed suggests that an aggregation that ends in a warning due to deletion threshold should have a status of ‘Termination’, however, I’m seeing those come over as ‘Success’
-
Aggregations that error out on the IdentityNow tenant side do not appear to trigger a message at all. This is problematic because I have an audit control around aggregation failures, and I don’t currently have an adequate explanation of why an aggregation failure would show up in the audit log, but not trigger an incident record to be created. Is this expected behavior?