Azure AD connector throttling with ma attributes

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

Hi community :slight_smile:

Is someone of you using Azure AD connector to read and provision MFA_ attributes ?

I have recently added two attributes for MFA and this is causing a huge amount of throttling errors from Microsoft Graph API (429 error)

Any experience around this topic ?

2

Hi @gabs1,

Please check out this resource on MFA attributes and let us know if it helped.

https://documentation.sailpoint.com/connectors/microsoft/azure_ad/help/integrating_azure_active_directory/mfa_schema_attributes.html

Connector Schema Resource
https://documentation.sailpoint.com/connectors/microsoft/azure_ad/help/integrating_azure_active_directory/schema_attributes.html

3

Hi, I was following the official documentation to configure it.
The new configured attributes are:
mfa_phoneNumber_mobile, mfa_microsoftAuthenticatorAuthenticationMethod.

There is nothing that mention throttling and 429 error.

4

Hi @gabs1,

APIs are throttled when MS receives too many calls during a given timeframe from a tenant or app. Calls might also be throttled if the service takes too long to respond. Please go through these resources to see if you are abiding by the best practices. These resources specifically talk about error 429 extensivy and advises how to resolve them.

Please let me know if this helps.

1 Like
5

HI.
did you solve this ussue?

6

Hi not really.
We the SailPoint support we have done some adjustment for the AAD connector (Increasing paging, decreasing Partitioning) .
This is not triggering the Throttling but the task, in case of full aggregation without delta and optimization enabled is very slow compared to the previous runs. We are talking about 200k accounts, were correlation is 160k and increasing day by day.

Microsof on their side are not saying nothing, just that we were hitting too fast the Graph API for auth method attributes… This is annoying situation.

7

i have 70K
and it is very slow…and if i have more than 5\6 partitioning it get that annoying error…

8

I’m “Happy” that we are not alone here :smiley: .

from Debug try to put there paging to 5000 on the application definition. Check if helps.

Regards

9

can you tell me how?
if you ment Page size - it is maximum 999 no?
this is my partitioning:

image
image725Ă—798 88.4 KB

10

search in the application definition:

<entry key="pageSize" value="999"/>

Replace with:

<entry key="pageSize" value="5000"/>
11

Thanks!
somehow it works even page size maximum is 999…