Error in Azure Active Directory Account Aggregation

Hi Team,

We have provided the required permissions to aggregate user accounts from Azure Active Directory. We are getting an error during account aggregation.

The following is the error message:
Exception occurred in Iterate Objects - populateRiskyUsersDetails. Error message - Exception occurred in processReadRequest. Error - Exception occurred while trying to receive data from Server. Number of retries exceeded.
You cannot perform the requested operation, required scopes are missing in the token.

Reference of permissions.

Thanks,
Hemant

Hi,

In the source, go to the Account Schema and delete the attribute called risky user attributes in the schema, and it will work.

Please also see the config guide for Azure: https://community.sailpoint.com/t5/IdentityNow-Connectors/Azure-Active-Directory-Source-Configuration-Reference-Guide/ta-p/75323

  • Risky User Alert Feature

With the security reports in the Azure Active Directory system, you can gauge the probability of the compromised user accounts in your environment. A user flagged for risk is an indicator that the account might have been compromised. The user risk represents the probability that a given identity or account is compromised. These risks are calculated offline using Microsoft’s internal and external threat intelligence sources including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources.

The Azure Active Directory source supports the risky user alert feature. Requirement: An Azure AD Premium P2 license is required to avail this feature. The supported operations for the risky user alert feature are Full Account Aggregation and Get Object.

1 Like
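
The "required scopes are missing in the token" error above can be confirmed by inspecting the access token issued to the source's Azure application. The following is an added example, not code from the thread or from SailPoint; the permission names `IdentityRiskyUser.Read.All` and `IdentityRiskyUser.ReadWrite.All` are an assumption about which Microsoft Graph permissions cover risky users, and the tokens are constructed samples.

```python
import base64
import json

# Assumption: either of these Microsoft Graph permissions lets an app read
# risky users. The thread does not name them; confirm in the connector guide.
RISKY_USER_PERMS = {"IdentityRiskyUser.Read.All", "IdentityRiskyUser.ReadWrite.All"}


def _b64url(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_permissions(jwt):
    """Permissions in an access token payload. The signature is NOT verified:
    this is for inspecting a token you already obtained, not for trusting it."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = json.loads(_b64url(parts[1]))
    perms = set(claims.get("roles") or [])           # app-only (client credentials)
    perms.update((claims.get("scp") or "").split())  # delegated, space separated
    return perms


def can_read_risky_users(jwt):
    return bool(token_permissions(jwt) & RISKY_USER_PERMS)


def make_sample_token(claims):
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    # Constructed payloads: the first lacks the risky-user permission.
    for roles in (["User.Read.All", "Group.Read.All"],
                  ["User.Read.All", "IdentityRiskyUser.Read.All"]):
        tok = make_sample_token({"roles": roles})
        print(roles, "->", "ok" if can_read_risky_users(tok) else "risky-user scope missing")
```

If the permission is absent from `roles`, either grant it with admin consent in the app registration or remove the risky user attributes from the account schema as suggested above.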

Hi Team,

We have configured Office 365 service plans in an Access Profile to provision an Office 365 license to the user, and the Access Profile has been added to a role. On the basis of membership criteria, the role has been provisioned to the user and the license has been granted to the user’s Azure account.

On deprovisioning, the services get disabled and the role has been removed in IdentityNow, but the license was not removed from the Azure account.

Does IdentityNow support removal of the license from the Azure account in case the membership criteria don’t match? As per our experience, IDNow disables the license rather than removing it.

Thanks,
Hemant