Hi,
Context: Trying to provision (create account) along with extension attributes and the manager attribute to Entra ID (SaaS), and then aggregate to see the results while applying advanced filters on extended attributes.
References:
Tests:
Test 1:
User: ABC
Advanced filter with extension attribute -- Yes
Advanced Filter -- startsWith(extension_<id>_clientAccountID, '3675') - condition is true for this user, i.e., client AccountID starts with 3675
Manager attribute present in account schema -- Yes
Manager attribute present in provisioning policy -- Yes
Result
Provisioning: Successful -- Matches with expected result
Aggregating the Entra ID: Successful -- Matches with the expected result. Since the manager attribute is present in the account schema, the advanced filter should either throw an error or not have any effect.
Entra ID Account link created and account details populated with the manager and extended attribute (even before manual aggregation)
Manual aggregation successful
Test 2:
Context: def
Advanced filter with extension attribute -- Yes
Advanced Filter: startsWith(extension_<id>_clientAccountID, '3675') - condition is false for this user, that is, client AccountID (3447***********) does not start with 3675
Manager attribute present in account schema -- Yes
Manager attribute present in provisioning policy -- Yes
Result
Provisioning: Successful -- Matches with expected result
Aggregating the Entra ID: Successful -- Does not match the expected result. I expect this account not to aggregate
Entra ID Account link created and account details populated with the manager and extended attribute (even before manual aggregation)
Manual aggregation of the account is successful
So, is my advanced filter wrong?
What am I missing?
Test 3:
Context: xyz
Advanced filter with extension attribute -- Yes
Manager attribute present in account schema -- No
Advanced Filter: startsWith(extension_<id>_clientAccountID, '3675') - condition is false for this user, that is, client AccountID (3408***********) does not start with 3675
Result
Provisioning: Successful -- Matches with expected result
Aggregating the Entra ID: Successful -- Does not match the expected result. I expect the account to be filtered and not get aggregated (updated)
Entra ID Account link created and account details populated with the manager and extended attribute (even before manual aggregation)
Manual aggregation is also successful
Questions:
The advanced filter did not show any effect on Test 1 and Test 2. So, I concluded that this may be the case because the "manager" attribute is present in the account schema. However, Test 3 also did not show any effect. So, my thinking is:
Either:
- My advanced filter is wrong, OR
- My conclusions about the tests are not in line with the actual concept OR
- I am missing something else
Can anyone please help me discuss this? What am I missing or not doing the right way?
Please help me understand: Should we expect an error when an advanced filter is used along with the manager attribute in the account schema (as in one of the reference links), or should the filter have no effect?
Thanks in advance