We currently have approximately 7,000 identities in our production SailPoint IDN environment. We have scheduled aggregations running every hour from our Authoritative Source, SAP.
However, about 250 identities are in an error state because one of the required attributes for a transform is not being aggregated from the source.
We have verified through Postman calls, using the same service account permissions and credentials as those configured in SAP, that the attribute exists in SAP and is accessible with the account permissions.
Interestingly, when we manually go into an individual identity, open their SAP account, and click “aggregate account,” we see the attribute populated in the identity. Subsequently, if we click “process” identity, the identity exits the error state.
Could you please advise on how we can resolve this issue so that the attribute is aggregated automatically during the scheduled aggregation process? Or if there is an API we can call to trigger identity aggregation for these error state identities?
It is not working as expected and it is not realistic to perform these manual steps for 250+ identities.
Is there a difference in the API used by Main account aggregation and the API used for individual account aggregation? I cannot see these in the Postman collection.
I am seeking advice on how to fix this, I have opened a ticket but I haven’t received any solutions. Support requests SOAP responses, when we are using SFAPI.
When processing aggregations by default SailPoint is looking to see if data has changed that is required it to be reprocessed in order to optimize the aggregation process. Sometimes you need to run an unoptimized aggregation to reprocess all of the data. You can do this using the API in a tool like Postman with this API to disable Optimization:
Unoptimized aggregations can be done only via API. There is no option in UI to run that.
You can use a powershell script to call this unoptimized aggregation API and save the script it in a windows machine (like iq service server of Active Directory) and schedule this powershell script via windows Task Scheduler to run daily.
Hi @abmcleann ,
You can use ISC workflows and use “Scheduled Trigger” and “http action” to do the api call for unoptimised aggregation.You will be able to schedule it in every few weeks as you wanted. Triggers - SailPoint Identity Services
