Azure AD - Unspecified Connector Failure

Hi experts,

I receive the following error message during an add entitlement operation (a distribution list type group) through an access request in Azure AD.

image

According to the integration guide, the add/remove distribution list operation is supported.

However, it does not seem to be working and the error message does not tell me anything actually. Can anyone help me out here? Thanks in advance!

Hi Sahin,

Add/remove entitlement functionality was working when we tried provisioning for an Azure-only group (created directly in AAD and not available in AD). For an AD group which was synced to Azure, if we try to do provisioning directly to the Azure group, this functionality is not working for me.

2 Likes

Hi Jishnu,

Thanks for your message. I think you are right, because I checked with someone who has global admin privileges in Azure AD, and that person also could not add/remove users directly in Azure.

1 Like

Hi @jishnu_suresh, I checked the groups and they only exist in Azure AD, so this is not the same case for us. Do you have any other idea what might be causing this?

Hi Sahin,
Can you also check this document and see if the correct permissions are added to your ID?

Regards,
Jishnu

Hi @sahincelik,

Did you try with other types of entitlement? Like group, access packages?

Thanks.

Thanks both. All the required permissions were already added. Plus, we granted Exchange Online Administrator. It does not fix the problem, unfortunately. We are able to provision security groups but it does not work for Distribution Lists or Mail Enabled Security groups.

Hi @sahincelik,

Looks like Microsoft removed the ability to manage distribution lists and mail-enabled security groups long ago, affecting provisioning from SailPoint.

Hi @varshini303, I saw that too. But why does SailPoint still keep “adding/removing mail enabled security groups” within the supported features?

Exchange Online Management (sailpoint.com)

I think by supported operations, they would have meant that the Exchange Online mailboxes, distribution lists, and mail-enabled security groups could be managed by the Exchange Online PowerShell module through IQService.

I guess this is not explicitly mentioned in the official document. Maybe you can raise this as feedback to the Docs Team for a clear explanation.

Thanks!

1 Like

Thanks for your explanation, but I think it’s clear that these groups can be supported via the OOTB connector. The prerequisite to manage these groups is to install Exchange Online Module 3.0.0 on the IQService host, which we already did. And I see a lot of discussions about EXO mail enabled security group provisioning on the SailPoint community or developer pages. But thanks anyway, I will raise a ticket for this or reach out to the Docs team. Do you know how to contact them?

1 Like

You can follow this to provide feedback on improving the docs.

Thanks!

2 Likes

I think an IQService restart is required after enabling the Exchange Online Management. That fixed the problem.

1 Like