Azure AD Connector Aggregation

saunakRheem91 · March 19, 2025, 11:40am

Hi Experts,

We are trying to aggregate extensionAttributes from Azure AD which we provisioned successfully from SailPoint IdentityNow.

We followed the format of onPremisesExtensionAttributes_ and were successful to provision values to the target Azure AD account.

But during aggregating the account back to Sailpoint via AAD connector aggregation, it is setting the values for those extensionAttributes as blank, it is unable to fetch the values from Azure to SailPoint IDN.

I used graph API to fetch the values and validate and found the values are actually present in target Azure provisioned but not able to fetch it back to SailPoint during aggregation.

I saw an article posted 1 year back old which says Sailpoint AAD connector does not support fetching extensionAttribute values back from Azure and an enhancement request is opened for the same - Azure AD connector Accounts Aggregation - #7

Is this still valid and that SailPoint AAD connector still doesnt support ?
Is there an alternate efficient way to fetch and store aggregate to SailPoint from Azure the values for the extensionAttributes?

agutschow · March 19, 2025, 3:18pm

You should be able to use advanced filters.

You will need to add the graphAPI to the schema as mentioned:

jesvin90 · March 19, 2025, 3:53pm

Hi @saunakRheem91,

Are you following this document for setting up the extension attributes.?

I have been able to successfully provision and aggregate the attributes in my tenant with a VA based Entra connector. Here is how it looks like, incase you have named the attribute incorrectly :

Also, have you done a full aggregation (not a targeted account) after the provisioning process.?

system · May 18, 2025, 3:53pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.