Azure Active Directory Connector, User filter

Which IIQ version are you inquiring about?

8.4

Please share any images or screenshots, if relevant.


Share all details related to your problem, including any error messages you may have received.

We are trying to limit users aggregated by the Azure Active Directory connector.

Does anyone have any idea how I would go about adjusting this query in order to meet graph standards. This clearly works in graph explorer and my understanding is that the advanced query filter adds the consistency level header and count variable to the query. Per Sailpoint’s documentation I’ve also removed Manager from the schema

Hi @mrioux -

Microsoft recommends the use of Microsoft Graph API instead of the Azure Active Directory Graph API. Microsoft has stopped addition of new feature in the Azure Active Directory API. The Azure Active Directory connector has been enhanced to use the Microsoft Graph API completely.

So the action item for you would be check if you have enabled the use of Microsoft Graph API for all connector operations.

For example, entry key="useMSGraphAPI" value="true"
1 Like

Thanks Amit,

The Sailpoint Azure Active Directory connector came with the following out of the box.

image

1 Like

Try to uncheck advanced filters, for eq filter it’s not needed. Try also taking the filter into ( )

The solution here was to remove the Manager field from the User Schema, and the owners field from the group schema. This is because Oadata is not supported in advanced queries.

Per Microsoft’s documentation quering employeeType requires the use of $count=true and the Consistency level header being used which is what the advanced query button does.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.