I have set up an Entra ID (Azure AD) source for delta aggregation, as we have around 500k identities. We are in hybrid mode and accounts are created in on-prem AD. However, we need to update authentication methods from IDN to Entra ID. A full sync takes around 17-18 hours. I am planning to use delta sync to aggregate new accounts created in Entra ID. Aggregation will also update authentication methods in Entra ID. However, for some reason delta aggregation is not recognizing new accounts created in Entra ID and is not aggregating new accounts into IDN. This was working until 2-3 weeks ago. I am not sure whether some change in IDN broke it or a change in Entra ID broke it. Is anyone else using delta sync with Entra ID?
I am not sure what logic IDN is using to perform delta aggregation on sources. We frequently have to run non-optimized aggs in order to pull in everything that the delta agg settings seem to miss. I would suggest running delta aggs through the scheduler, but then also have a workflow or something run a non-optimized agg every once in a while to ensure that it actually pulls everything as expected. We have been using the unpublished API cc/api/source/loadAccounts/ to do this, but we may have to find another solution, as that API is scheduled to be deprecated at some point soon. You can stay updated on the new endpoint when it is available by reading this post.
From what I’ve seen, delta aggregation for Entra ID is not preferred for a large user base (>50k users) because of the way it’s designed.
One solution that has worked for me is to cut down the account schema to a level that satisfies your requirement. This, in turn, will reduce your overall aggregation time.