Aggregation error

Hello,

I’m posting because I’ve had a problem with aggregation with SailPoint and Azure for several days.
I would say that it has never worked.

I have deleted all the attributed risk but it still doesn’t work.
I even recreated the application to make sure there were no errors.

The rights on API permissions are
Azure Active Directory Graph > Directory.Read.All

Microsoft Graph > User.Read

Exception during aggregation of Object Type account on Application “NameOfApplication” Reason: Unable to create iterator sailpoint.connector.ConnectorException: Exception occurred in Iterate Objects. Error message - Exception occurred in processReadRequest. Error - Exception occurred while trying to receive data from Server. Number of retries exceeded.Insufficient privileges to complete the operation.

Thanks for your help

Your permissions do not seem to be sufficient based on the error and what permissions you have specified.

see: Required Permissions (sailpoint.com)

If you are planning to aggregate Service Principals, at a minimum you need Application.Read.All.

If you don’t want to aggregate service principals as accounts, then you need to turn that off using feature management.
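Added example, not part of any post in this thread and not SailPoint code: one way to confirm what the connector's app registration is actually granted is to decode an app-only access token and compare its `roles` claim with the permissions you expect. The function names, the `REQUIRED` set and the sample token are assumptions constructed for illustration; take the real required set from the Required Permissions page linked above.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def permission_report(token: str, required: set) -> dict:
    """Compare granted application permissions with the required set."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))         # application permissions
    scopes = set(claims.get("scp", "").split())  # delegated permissions
    return {
        "audience": claims.get("aud"),           # which API the token is for
        "application": sorted(roles),
        "delegated": sorted(scopes),
        "missing": sorted(required - roles),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed"


# Constructed sample: a Microsoft Graph token carrying one application role.
SAMPLE = make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": ["Directory.Read.All"]}
)
# Assumed required set, using permission names mentioned in this thread.
REQUIRED = {"Application.Read.All", "User.Read.All"}

if __name__ == "__main__":
    print(json.dumps(permission_report(SAMPLE, REQUIRED), indent=2))
```

An app-only token carries application permissions in `roles` and has no `scp` claim, so a delegated grant such as User.Read does not show up in it, and a permission granted on a different API does not appear in a token whose `aud` is Microsoft Graph.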

Not sure if your question was completely answered yet but based on our own Azure AD connection we have the following permissions for the API.

Microsoft Graph > Application.Read.All, AppRoleAssignment.ReadWrite.All, Group.Read.All, Group.ReadWrite.All, IdentityRiskEvent.Read.All, IdentityRiskyUser.Read.All, Organization.Read.All, RoleManagement.ReadWrite.Directory, User.Invite.All, User.Read, User.Read.All and User.ReadWrite.All.

Now to be fair, I did inherit this configuration and didn’t set up the connection myself, so some of these might be redundant or unneeded, but this is what we have configured and I haven’t had any aggregation errors with Azure yet.
