Entra SaaS connector provisioning issue

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

We recently moved from the VA Based Entra connector the the SaaS connector. Everything has been working fine, until we attempted to add an entitlement to 200+ users. The first 5-10 requests were processed properly, then every additional request shows:

sailpoint.connector.ConnectorException: Command timed out

We have tried adjusting the provisioningTimeout, but haven’t been able to figure out a resolution.

Has anyone run into this issue?

2

I has similar problem i increased timeout value to 90 and it worked for me .

provisioningTimeout

Description: This parameter is set for provisioning timeout.

Resolution: The default value is 60 seconds. If the timeout error continues, increase the value in 15 second increments and try again.

For example,

If your current time value is 60 seconds, update the provisioningTimeout attribute as follows:

[    
  {        "op": "replace",        
           "path": "/connectorAttributes/provisioningTimeout",       
           "value": 90  
  },
]
1 Like
3

We previously set it to 90. I will try to bump it up higher and see what happens.

4

Over the last few weeks I have tried every possible timeout setting, and we still are unable to provision a single entitlement to a large number of Entra Accounts using the SaaS based Entra connector. I have opened a ticket, but so far that hasn’t helped much.

We attempted to add a regular Entra security group to 600+ accounts via a role. The first 10 go through just fine. The next 10 will be provisioned in Entra, but ISC will say the provisioning was incomplete. The rest will not get provisioned in Entra. Then it gets repeated the next time the Role is pushed, with the same results. If there are any other groups being provisioned via Roles or Access Requests, those will also fail.

Support recommended reducing the number of accounts we were provisioning to at one time. We have to do it at 10-20 accounts per run to not run into issues. This is a terrible process for trying to get the entitlement to 600+ accounts.

As a test we tried using the Virtual Appliance based Entra connector, and we were able to provision to 180 accounts in less than 5 minutes with no errors. I am sure it wouldn’t have a problem with 600+ accounts.

There is something wrong with how the SaaS based connector is working, or there is something wrong with the back end SaaS infrastructure.

@colin_mckibben can you help out with this?