Entra ID provisioning - Timeout

We have just connected the Entra ID to SailPoint ISC. Now we are trying to provision some bigger Entra groups with ca. 5000 members, but the Entra connection is timing out, so it seems that ISC is overloading it.

I can see that it is possible to set up paging for aggregation, but can’t find anything for provisioning.

Have you seen similar problems, and how have you solved them?

Is there something on the Entra site that needs to be adjusted?

Hi @cowe,

I believe this concern was recently discussed in the community and I believe the culprit is rate limiting by Microsoft on the MS Graph APIs: Entra SaaS connector provisioning issue - #19 by TheOneAMSheriff

Microsoft Graph enforces rate limits on provisioning operations, which commonly causes timeouts with large groups (5000+ members). Your provisioning failures should automatically retry in the next identity refresh cycle.

For immediate relief, consider:

  • Schedule implementations for Entra ID roles during off-peak hours, especially away from aggregation timings.

  • Temporarily modifying role criteria to reduce members sizes if you see fit.

Good luck