Azure Account Aggregation filter cloud group

Hi Team,

I am working with SailPoint IdentityIQ and have integrated an Azure application using the direct connector. In the account schema, I am trying to filter only cloud-based groups within the group attribute during account aggregation.

Current Setup:

  • Application Type: Azure Direct Connector
  • Account Schema Attribute: group

Issue Faced:

Currently, I haven’t applied any filters, and during account aggregation, both on-prem AD groups and cloud groups are being pulled. I want to restrict the aggregation to only cloud groups. In group aggregation we are aggregating cloud-only groups. But in certification we can see both on-prem AD groups and cloud groups; I think this is because the group attribute is getting all those groups from account aggregation.

Questions:

  1. How can I filter only cloud groups in the account schema during aggregation?

@deepakn
If you have segregation of on-prem groups vs. cloud groups, you can handle this in a customization rule: in the object value, remove the on-prem groups from the object.

This way, membership of on-prem groups can be avoided during aggregation.
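A sketch of the customization rule suggested above, as an added example that is not part of the original thread or SailPoint's own code. It assumes the account attribute is named `group` as in the question, and that the on-prem group identifiers are kept in a hypothetical Custom object named `Azure-OnPrem-Group-Ids` under the key `groupIds`, in the same form the connector returns them on the account.

```java
// IdentityIQ Customization rule body (BeanShell). IdentityIQ supplies:
// context, log, object (ResourceObject), application, connector, state.
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import sailpoint.object.Custom;

// Assumption: attribute name as given in the question; match your account schema.
String GROUP_ATTR = "group";
// Hypothetical Custom object whose "groupIds" entry lists the on-prem groups.
String CUSTOM_NAME = "Azure-OnPrem-Group-Ids";

// The rule also runs for objects without the attribute; pass those through.
if (object == null || object.getAttribute(GROUP_ATTR) == null) {
    return object;
}

Custom cfg = context.getObjectByName(Custom.class, CUSTOM_NAME);
Object ids = (cfg != null) ? cfg.get("groupIds") : null;
if (!(ids instanceof List)) {
    // Without the list nothing can be filtered; log it instead of dropping every group.
    log.warn("On-prem group list " + CUSTOM_NAME + " missing; groups left unfiltered");
    return object;
}
Set onPrem = new HashSet((List) ids);

// A multi-valued attribute may arrive as a single String or as a List.
Object raw = object.getAttribute(GROUP_ATTR);
List current = new ArrayList();
if (raw instanceof List) {
    current.addAll((List) raw);
} else {
    current.add(raw);
}

// Keep only the values that are not known on-prem groups.
List cloudOnly = new ArrayList();
for (Object g : current) {
    if (!onPrem.contains(g)) {
        cloudOnly.add(g);
    }
}

if (cloudOnly.size() != current.size()) {
    log.debug("Removed " + (current.size() - cloudOnly.size())
              + " on-prem group(s) from " + object.getIdentity());
    object.setAttribute(GROUP_ATTR, cloudOnly);
}
return object;
```

Memberships already stored on existing account links are only replaced when those accounts are aggregated again with the rule in place, so certifications generated before that can still show the on-prem groups.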

Can you guide me on whether we need to use a customization rule for account aggregation? If yes, can you provide the rule?

@iamksatish can you help with this?

Hi There,

Identity IQ 8.4 here

We use the following filter on the application to aggregate only cloud-only groups:

onPremisesSyncEnabled ne true

Just make sure the Advanced Group Filter box is checked on the application.

Hi @mrioux ,

From group aggregation we are only fetching cloud-only groups. But the on-prem (AD) groups are coming from the account aggregation. Can you help with how to stop on-prem groups from coming in through account aggregation?

I also see many threads going on about this topic; please refer to them and let me know.

  1. https://ideas.sailpoint.com/ideas/GOV-I-1833
  2. https://ideas.sailpoint.com/ideas/GOV-I-2367
  3. https://ideas.sailpoint.com/ideas/GOV-I-3844

Hi @iamksatish, could you please look into it?