Aggregation Failing for Azure AD Application

Hi All,

We have suddenly started encountering the following issue during both account and group aggregation for the Azure AD application in IdentityIQ:

Error Message:
Exception during aggregation of Object Type account on Application Azure Active Directory. Reason:
Unable to create iterator sailpoint.connector.ConnectorException: Exception occurred in Iterate Objects.
Error message - Exception occurred in processReadRequest. Error - Exception occurred while trying to receive data from Server.
Number of retries exceeded.Access blocked to AAD Graph API for this application. Migrate from Azure Active Directory (Azure AD) Graph to Microsoft Graph - Microsoft Graph | Microsoft Learn.

Has anyone faced a similar issue or knows what could be causing this?

From what I understand, it seems like something might have changed on the application (Azure AD) side, and since IdentityIQ doesn’t have access to the updated object or configuration, the aggregation is failing.

Any insights or suggestions would be appreciated.

Thanks,

Hi @GutteStolt,

Have you upgraded the system or imported the application from an older version of IIQ?

Hi @enistri_devo ,

We have not upgraded the system. No, our IIQ version is 8.3. This aggregation is failing suddenly, not sure why.

Thanks

OK, so check these points:

  • the permissions for all attributes that you have in the schema
  • if the client_id is on the Graph API .net or .com*
  • test in Postman whether you can read the account

*If you use the Graph API .com, check if you have this key in your app:

<entry key="useMSGraphAPI">
  <value>
    <Boolean>true</Boolean>
  </value>
</entry>
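
The check suggested in the reply above, written as an added example that is not part of the original thread and is not SailPoint's own code: it reads an exported application XML, reports whether the useMSGraphAPI key is set to true, and lists entries whose values name the retired Azure AD Graph host (.net) or the Microsoft Graph host (.com). The sample export and the attribute name exampleResourceUrl are constructed; handling of a flattened value="..." attribute is an assumption about the export format.

```python
import xml.etree.ElementTree as ET

LEGACY_HOST = "graph.windows.net"     # Azure AD Graph (the ".net" API)
MSGRAPH_HOST = "graph.microsoft.com"  # Microsoft Graph (the ".com" API)

# Constructed sample export: useMSGraphAPI is missing and one
# hypothetical attribute still points at the .net host.
SAMPLE_EXPORT = """<Application name="Azure Active Directory">
  <Attributes>
    <Map>
      <entry key="exampleResourceUrl" value="https://graph.windows.net"/>
      <entry key="authenticationMethod" value="OAuth 2.0"/>
    </Map>
  </Attributes>
</Application>"""


def entry_value(entry):
    """Return an entry's value from its value attribute or its nested elements."""
    if entry.get("value") is not None:
        return entry.get("value").strip()
    return "".join(entry.itertext()).strip()


def audit_application(xml_text):
    """Report the useMSGraphAPI setting and which entries name a Graph host."""
    root = ET.fromstring(xml_text)
    report = {"useMSGraphAPI": None, "legacy_refs": [], "msgraph_refs": []}
    for entry in root.iter("entry"):
        key, value = entry.get("key"), entry_value(entry)
        if key == "useMSGraphAPI":
            report["useMSGraphAPI"] = value.lower() == "true"
        if LEGACY_HOST in value:
            report["legacy_refs"].append(key)
        if MSGRAPH_HOST in value:
            report["msgraph_refs"].append(key)
    # Flag the application if the key is absent/false or a .net reference remains.
    report["needs_attention"] = (
        report["useMSGraphAPI"] is not True or bool(report["legacy_refs"])
    )
    return report


if __name__ == "__main__":
    print(audit_application(SAMPLE_EXPORT))
```
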

Hi @enistri_devo,

  • How to check the permission for the schema attributes?

  • I don’t see any client id. The Authentication Method is OAuth 2.0, the test connection is successful.

  • With the graph I can see only this.
    image

Why don't you use the Azure connector?

Which API are you using?

Hi @enistri_devo ,

This application is already configured with this Authentication Method.

Below are the connector details.

So do you have a client_id. Check on Azure which API it's able to use.
