Entra ID SaaS - Aggregation of Sponsors Attribute

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

With the Sponsor functionality available (Configuring Sponsors for Guest User ( B2B) and External Member (B2B)) has anyone successfully aggregated the sponsors attribute?

When I attempt to aggregate, I get a JSON blob returned:

{
   "displayName":"Bloggs, Joe",
   "id":"123456-1234-1234-1234-123456789012"
}

Provisioning works correctly by sending the UPN of the Sponsor. However Attribute Sync repeatedly triggers as the aggregated value is obviously different.

A separate Graph API call with the same permissions returns a full record:

"sponsors": [
   {
      "@odata.type": "#microsoft.graph.user",
      "userPrincipalName": "joe.bloggs@test.onmicrosoft.com",
      "displayName": "Bloggs, Joe",
      "id": "123456-1234-1234-1234-123456789012"
   }
]
2

  • provision by Object ID instead of UPN

  • normalize both sides to sponsor ID

  • avoid syncing raw sponsor JSON entirely.

3

Yes — this is a common issue with Microsoft Entra ID sponsor aggregation in SailPoint ISC.

ISC currently aggregates the sponsor object as a serialized JSON fragment instead of resolving userPrincipalName, which causes perpetual Attribute Sync drift.

What’s happening:

  • Provisioning sends:
    joe.bloggs@test.onmicrosoft.com

  • Aggregation returns:
    JSON object with displayName/id

  • ISC compares both → mismatch → endless sync trigger.

Best workaround:

  • Transform the aggregated sponsor attribute to extract only id or displayName

  • OR disable Attribute Sync on sponsor

  • OR use a separate calculated identity attribute for comparison

Unfortunately ISC connector normalization for sponsors is incomplete right now i guess just check