Azure AD - Aggregation error

Which IIQ version are you inquiring about?

Version 8.4

Share all details related to your problem, including any error messages you may have received.

Hello,

I have onboarded an Azure AD application without IQService. The SailPoint test connection to Azure AD is successful, but when performing the aggregation, I face an error:

“Exception during aggregation of Object Type Account on Application Test-Azure AD. Reason: Unable to create iterator sailpoint.connector.ConnectorException: Exception occurred in Iterate Objects - populateRiskyUsersDetails. Error message - Exception occurred in processReadRequest. Error - Exception occurred while trying to receive data from Server. Number of retries exceeded.Your tenant is not licensed for this feature. Please upgrade your subscription to access it.”

Do I need to upgrade my subscription?

Hi Bert,
It depends on which features you use. The easiest way would be to paste the app XML here so we could take a look at them.

Here you can also find some more details about features

and here about required permissions

1 Like

Hello @BertJohnson,

In the application, go to Schema, and in the Account schema delete the attribute called risky user attributes, and it will work.

Please also see the config guide for Azure: https://community.sailpoint.com/t5/IdentityNow-Connectors/Azure-Active-Directory-Source-Configuration-Reference-Guide/ta-p/75323

  • Risky User Alert Feature

With the security reports in the Azure Active Directory system, you can gauge the probability of the compromised user accounts in your environment. A user flagged for risk is an indicator that the account might have been compromised. The user risk represents the probability that a given identity or account is compromised. These risks are calculated offline using Microsoft’s internal and external threat intelligence sources including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources.

The Azure Active Directory source supports the risky user alert feature. Requirement: An Azure AD Premium P2 license is required to avail this feature. The supported operations for the risky user alert feature are Full Account Aggregation and Get Object.

Test this, and if it doesn't work, paste the app XML object here.

2 Likes
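An added example, not part of the thread or of SailPoint's code: one way to check the P2 requirement quoted above before keeping the risky user attributes in the account schema. It assumes you have already fetched the tenant's Microsoft Graph `GET /subscribedSkus` response; the sample response and SKU part numbers below are constructed placeholders.

```python
import json

P2_PLAN = "AAD_PREMIUM_P2"  # Graph servicePlanName for Azure AD Premium P2

# Constructed sample shaped like a Microsoft Graph GET /subscribedSkus reply.
# SKU part numbers are placeholders, not real product names.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"skuPartNumber": "EXAMPLE_SKU_P1", "capabilityStatus": "Enabled",
   "prepaidUnits": {"enabled": 25, "suspended": 0, "warning": 0},
   "servicePlans": [
     {"servicePlanName": "AAD_PREMIUM", "provisioningStatus": "Success"}]},
  {"skuPartNumber": "EXAMPLE_SKU_EXPIRED", "capabilityStatus": "Suspended",
   "prepaidUnits": {"enabled": 0, "suspended": 10, "warning": 0},
   "servicePlans": [
     {"servicePlanName": "AAD_PREMIUM_P2", "provisioningStatus": "Success"}]}
]}
""")


def skus_with_active_p2(response):
    """Return the skuPartNumbers that currently grant a usable P2 plan."""
    active = []
    for sku in response.get("value", []):
        # Assumption of this example: only Enabled/Warning subscriptions count;
        # suspended, deleted or locked-out ones are treated as unlicensed.
        if sku.get("capabilityStatus") not in ("Enabled", "Warning"):
            continue
        units = sku.get("prepaidUnits") or {}
        if units.get("enabled", 0) + units.get("warning", 0) <= 0:
            continue
        for plan in sku.get("servicePlans", []):
            if (plan.get("servicePlanName") == P2_PLAN
                    and plan.get("provisioningStatus") == "Success"):
                active.append(sku.get("skuPartNumber"))
                break
    return active


def risky_user_aggregation_licensed(response):
    """True when at least one active subscription carries the P2 plan."""
    return bool(skus_with_active_p2(response))


if __name__ == "__main__":
    found = skus_with_active_p2(SAMPLE_RESPONSE)
    print("P2 available via:", found or "no active subscription")
```

On the constructed sample the P2 plan exists only in a suspended subscription, so the check reports the tenant as unlicensed, the situation in which the risky user attributes should stay out of the schema.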

Thanks, this is very helpful.

1 Like