Create Account Entra ID failed

Hi Everyone,
I got stuck on the Entra ID integration. My connection is successful, but when I try to provision one test account to Entra it says account creation failed and flashes an access request ID.

Please note I am passing all the attributes which are required for account creation on Entra. These are static values, as this is a test environment with a test instance of Entra ID.

We have requested the access profile via ARS, but every time it fails. Has anybody faced a similar issue? How should I fix this? Do I need to check the Entra ID logs for this issue?

Appreciate your help.

Did you configure the IQService on the source configuration? SailPoint needs the IQService in order to work with anything MS. This allows SailPoint to leverage the Windows-only libraries.

Hey, good point! Is it really required for the Entra SaaS-based connection? I don’t see any option for this.

Ah OK, then you can ignore the IQService; that is for the non-SaaS connector. For the SaaS connector, have you verified the permissions for the account doing the actions?

Hi, I checked the permissions. It has all the permissions required for the connector, Read All and Write All. Now the issue is that account creation is failing; it just throws that account creation failed. Does anybody know how to check logs for SaaS-based connectors?

Hi @LearningStar ,
Greetings of the Day!

If you want to check logs for SaaS-based connectors, you need to raise a SailPoint ticket.

Thank You
Mahesh M

Hi Everyone, the issue got resolved; accounts are being created in the target. But there is one issue: when I tried to use a generator rule in my account attributes, it says UPN creation failed after 50 retries. However, I am using the unique counter too along with the expression; moreover, there is no such UPN existing in the Azure environment. If anybody has any idea on this, please suggest! I am getting the error on the below fields.
UPN
Display name
Email

In short, wherever I am trying to use a generator for my attributes, it seems that it is not able to create a unique value for the target.

For reference I am attaching the error screenshot. If I pass some static value this error gets resolved, but here I wanna use unique patterns only.

Morning,
What is your transform for creating the UPN using the uniqueCounter? That is where the problem lies.

Hey @PhilRawlings1, thanks for looking into this. I haven’t used any transform. We just want to create the UPN in the below format, with the condition that it should be unique.

$(firstname).$(lastname)$(uniqueCounter)@grouptest.onmicrosoft.com

I also tried removing the unique counter from my expression; even then I saw the same error.

It should be unique always.

Let me know what is wrong here?

Is ‘grouptest’ a valid domainName for your test environment?

This is just an example, @PhilRawlings1; consider that it exists.

Have you tried it with a purely static value?

Yes, that passes correctly without any error with static values.

Then I would suggest trying out different use cases to find out what is failing:

  • static
  • $(firstname)
  • $(lastname)
  • static($uniquecounter)

Hi @LearningStar,

Which rule generator are you using? From the error snippet, it looks like you are using an LDAP rule, which would not work in Azure.

Can you try as below and see if it works:

@jesvin90 Absolutely correct!
It was due to the generator. We had to use Unique Account ID instead of Account Attribute; after changing this, the issue got resolved. Now the only issue we see is with the uniqueness of values: if someone with the same first name and last name joins the organization, how is it going to behave for such users? This is the main thing we need to test.