Azure AD Source - skipping entitlements that are synced from on prem

We are trying to figure out how to either skip the on prem synced groups in the Azure AD source when it’s aggregating OR filter them out when creating a certification using the API searches.

There are some distinct attributes for the on prem synced groups, but they don’t appear to be searchable since they are in the “Additional Attributes” section. Also the group filter on the source configuration doesn’t appear to like the NOT filter.

Any ideas?


Here are 3 scenarios that might help:

  1. Only aggregate cloud-only accounts, groups and group membership for Azure: `"filterString": "dirSyncEnabled == true"` (this will not aggregate any of the synced accounts or entitlements in)
  2. Aggregate all accounts and group memberships, but cloud-only groups for the entitlement list: add `(dirSyncEnabled -ne true)` on the groups filter in the UI. This DOES NOT filter out the synced group memberships, and they would still appear on a certification
  3. Aggregate all accounts and only cloud-only groups and cloud-only group memberships: not currently possible, but you can vote on this idea: https://ideas.sailpoint.com/ideas/GOV-I-1833

Thanks Jill! #2 doesn’t work because the entitlement filter doesn’t like the `ne`:

```
Caused by: sailpoint.connector.ConnectorException: Exception occurred in Iterate Objects. Error message - Exception occurred in processReadRequest. Error - Response Code - 400 Error - 400 Unsupported property filter clause operator 'NotEqualsMatch'
```

Unfortunately for #1, I still want the accounts that aren't cloud only, so that won't work for me either.

I did vote up the idea.  Thank you for pointing that out to me.

If you remove the expanded attributes in the schemas, `ne` should work (remove `owners` from the group entitlement schema). I had the syntax wrong above, but I don’t know how to edit a previous comment. It’s `(dirSyncEnabled ne true)`.

Found in this documentation: Aggregation Settings

For the Azure Active Directory source, the Azure API does not support advanced query filters (NOT, ENDSWITH, and NE) along with expanded attributes such as manager in the URL. Now, while using the advanced filters, ensure that you remove the manager attribute from the account schema and remove the owners attribute from the groups schema.

Update: Nevermind, I got the schema updated and the filter worked! Thank you so much for your help!

Thanks for that documentation. I am trying to update the schema using the API and running into issues. I’m using this replace-schema | SailPoint Developer Community and getting "cannot consume content type". I can open a support ticket if that makes sense, but I figured I should ask here first.

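An added example (not code from this thread or from SailPoint) showing the two pieces the posts above describe: stripping the expanded `owners` attribute out of a group schema so the `(dirSyncEnabled ne true)` group filter is accepted, and building the replace-schema PUT with an explicit `Content-Type: application/json` header. The schema shape, the `/v3/sources/{sourceId}/schemas/{schemaId}` path and the guess that a missing JSON content type causes the "cannot consume content type" error are assumptions, not something confirmed in the thread.

```python
import json
import urllib.request

# Constructed sample: a trimmed Azure AD "group" schema in the shape the
# v3 schema endpoints return (assumed shape, placeholder id).
SAMPLE_GROUP_SCHEMA = {
    "id": "PLACEHOLDER-SCHEMA-ID",
    "name": "group",
    "nativeObjectType": "group",
    "identityAttribute": "id",
    "displayAttribute": "displayName",
    "attributes": [
        {"name": "id", "type": "STRING", "isMulti": False},
        {"name": "displayName", "type": "STRING", "isMulti": False},
        {"name": "dirSyncEnabled", "type": "BOOLEAN", "isMulti": False},
        # Expanded attribute: per the quoted docs it must go before NE/NOT filters work.
        {"name": "owners", "type": "STRING", "isMulti": True},
    ],
}


def drop_expanded_attribute(schema, attr_name):
    """Return a copy of the schema with the named attribute removed; nothing else changes."""
    new_schema = dict(schema)
    new_schema["attributes"] = [a for a in schema["attributes"] if a["name"] != attr_name]
    return new_schema


def build_replace_schema_request(base_url, token, source_id, schema):
    """Build the PUT for /v3/sources/{sourceId}/schemas/{schemaId} (path assumed).

    The JSON body is sent with Content-Type: application/json; sending it
    without that header is a likely cause of "cannot consume content type"
    (assumption, not confirmed by the thread)."""
    url = f"{base_url}/v3/sources/{source_id}/schemas/{schema['id']}"
    body = json.dumps(schema).encode("utf-8")
    req = urllib.request.Request(url, data=body, method="PUT")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    req.add_header("Accept", "application/json")
    return req


def replace_schema(base_url, token, source_id, schema):
    """Send the PUT and return the schema the tenant stored (network call)."""
    req = build_replace_schema_request(base_url, token, source_id, schema)
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read().decode("utf-8"))
```

Fetch the real group schema first, pass it through `drop_expanded_attribute(schema, "owners")`, then call `replace_schema` with your tenant URL, token and source id; only then apply `(dirSyncEnabled ne true)` as the group filter.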