We are trying to aggregate extensionAttribute14 from Azure AD by setting up the employee number into it.
We have added extensionAttribute14 in Account schema of AAD connector. Also ensured in AAD portal account’s extensionAttribute14 value is set to employee number.
Ran the aggregation in IDN portal, but unable to see extensionAttribute14 value.
Any suggestions here, does AAD connector supports aggregation of extensionAttribute14?
We are successfully able to aggregate extensionAttribute14 value for AD accounts but not happening with AAD accounts.
Its likely the name is different than you expect. (The extension attributes get prefixed with more stuff when pushed into AAD).
There are a few ways to see this.
Try making a dynamic group using that attribute. I believe the true name of the attribute is seen in the dynamic group rules editor.
Try using graph explorer (Graph Explorer | Try Microsoft Graph APIs - Microsoft Graph) against the beta endpoint after being signed in with an account from your tenant (you may need to also consent). The graph explorer is a good tool to easily look at graph calls. (which is how this connector is communicating with Azure)
As per your suggestion we have validated extensionAttribute14 format in AAD by using graph API explorer. Yes, the format was different than what I was referring to (extensionAttribute14).
I have added this ExtensionAttribute14 into AAD Account Schema and ran the aggregation, but still, I am unable to bring value to this ExtensionAttribute14 attribute.
make sure you are using the beta graph endpoint in the AAD Connector Config
(the 1.0 endpoint does NOT return all of the data… only the beta endpoint does).
We got the response from SailPoint connector team on this, currently AAD connector does not yet support fetching such embedded attributes. so, the extension Attributes synced from AD to Azure, cannot not be aggregated with value by adding them to schema.
looks like there is an enhancement request placed for this.
