Share all details related to your problem, including any error messages you may have received.
Hi All,
I am new to this development position. Seeking your assistance on the below task. Kindly provide your support.
Customer wants me to find the accounts from sail point that are inactive for more than 90 days in both Azure AD and AD with the help of last login time stamp attribute. But I have this attribute only in AD application and not in Azure AD in Sail point. Kindly help me how to add this attribute in Azure AD application connected in Sail Point, compare those accounts with AD to get the final user list who are inactive in both AD & Azure AD and then to inactive those accounts from Sail Point.
@sreeram I can able to get that attribute from Azure by importing the rules as stated in the blog, but the value is not as expected timestamp it just showing “Never” for all identities in sailpoint. Kindly assist me on this.
With 8.3 this is available out of the box, make sure you are using graph API and the sailpoint app in azure has permissions to read it. the scehma attribute should be lastNonInteractiveSignInDateTime and lastSignInDateTime
Permission added. But as per Last Login for Accounts. sail point provides OOTB to get the last sign in values from azure AD. I did tried that also but values are not aggregating from Azure AD to sailpoint.
SailPoint confirmed that this feature is not supported in 8.3 version. So I just followed the links shared by Sreeram in this discussion and tested in UAT. I can able to get the last sign in values from Azure but after adding the beta entry key in the application xml file under sailpoint debug.