Attribute Synchronization for my Entra ID

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hi all,

I’ve enabled Attribute Synchronization for my Entra ID source in SailPoint IdentityNow.

:white_check_mark: What’s Working:

When I trigger attribute sync manually for an individual identity, it works as expected and updates the attributes on the target.

:cross_mark: Issue:

However, when I run aggregation and try to trigger sync for all identities, I receive the following error in the event logs:

css

CopyEdit

["sailpoint.connector.ConnectorException: Command timed out"]

This results in “Modify Account Failed” errors for multiple identities.

:puzzle_piece: Question:

  • Is there a way to resolve this timeout issue when syncing in bulk?

Trying to increase the provisioning timeout:

I am getting error while executing below JSON,

URL - PATCH https://sailpoint.api.identitynow.com/v3/sources/1234567890sourceID

Header - Content Type - application/json-patch+json

Body-
[
{
“op”: “replace”,
“path”: “/connectorAttributes/aggregateTimeout”,
“value”: 45
}
]

Error -

{
“detailCode”: “400.1 Bad request content”,
“trackingId”: “d5bc9d603fc345fba3f77c9e7745b176”,
“messages”: [
{
“locale”: “und”,
“localeOrigin”: “REQUEST”,
“text”: “The request was syntactically correct but its content is semantically invalid.”
},
{
“locale”: “en-US”,
“localeOrigin”: “DEFAULT”,
“text”: “The request was syntactically correct but its content is semantically invalid.”
}
],
“causes”:
}

as I can see in my source following variable in
"connectorAttributes" object:

  1. healthCheckTimeout
  2. channelFilter
  3. groupsDeltaToken
  4. idnProxyType
  5. clientCertificate
  6. clientID
  7. deltaAggregationEnabled
  8. mailContactFilter
  9. pageSize
  10. manageAdminConsentedPermissions
  11. connectionType
  12. exoAuthenticationType
  13. spnAccountFilter
  14. spConnectorInstanceId
  15. userDeltaToken
  16. cloudExternalId
  17. clientSecret
  18. isCaeEnabled
  19. aggregateHiddenAccessPackages
  20. spnManageAzureADPIM
  21. aggregateAllGroups
  22. aggregateGroupHierarchy
  23. manageO365Groups
  24. sourceConnected
  25. userFilters
  26. directoryRolesDeltaToken

i am unable to find
provisioningTimeout and aggregateTimeout

So how this will work

“/connectorAttributes/aggregateTimeout”

I can increase time for healthCheckTimeout
because It is part of the object

2

You can add the key value pair if that doesn’t exists .

3

Try to use “add” operation instead of “replace” i.e.

[    {        "op": "add",        "path": "/connectorAttributes/aggregateTimeout",        "value": 45    },]
4

Thanks @ManojSingh01

Now i can update Timeout value, but still i am getting below issue

image
image1717×408 27.2 KB

Could you please help me to fix it ?

5

This looks like the issue while modifying the account. So, you can add the provisioningTimeout to increase the default timeout value by using the same API which @ManojSingh01 mentioned. Below is the request body

[
  {
    "op": "add",
    "path": "/connectorAttributes/provisioningTimeout",
    "value":"45"
  }
]

You can keep increase the value by 15 if it is not resolved with the current value until it get succeeded. The issue may be due to the bulk update process for initial attribute sync. Once all processed successfully, you can decrease the value to the optimal duration.

6

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.