I’ve been trying to apply a group aggregation filter to our Azure AD source in IdentityNow. The only thing I’ve been able to enter without running into a Java language exception is:
dirSyncEnabled ne true
I’m getting my group attributes from this documentation here
I get a Java language error. I’m stumped as to why dirSyncEnabled seems to work but none of the other attributes in this documentation work. I’ve also tried grabbing attribute names directly from imported entitlements instead of this documentation on group schemas, but I still get the same result.
Exception during aggregation of Object Type group on Application New Azure AD [source]. Reason: java.lang.RuntimeException: An error occurred while aggregating Application New Azure AD [source]
Do you know if there’s a way for me to obtain a more detailed error message with an API call or something?
If you haven’t already, I recommend opening a support ticket. Our support team is better equipped to investigate your tenant and OOTB connectors like Azure AD to find the root cause.
Yes and no. The aggregation filtering in the SailPoint GUI itself is pretty limited but I was able to implement a much more robust filtering system by doing the following.
Run a nightly script that reaches out to all sources I care about and pulls in all their entitlements.
Run an API call on each of those entitlements to get full details on them.
Inspect the results and filter out the ones I don’t want.
Build a file in a shared network location that has a list of all entitlement IDs that we’re okay with including on reviews.
On a script that we were already using to create reviews, which gathered entitlements to include on those reviews, I just added a step that combines all the approved entitlement ID files created in the steps above and then cross-references those IDs to only review approved entitlements.
For the Java error, just check that the name of the entitlement in Azure does not contain any emojis. IdentityNow does not support emojis and gives a Java error during aggregation.
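The approved-ID file workflow from the reply above, with the emoji check from the last reply used as one of the filters, as an added example that is not code from the thread or from SailPoint. It makes no API calls: the entitlement records are constructed samples, and the `id`/`name`/`attributes` shape, the file naming, the filter policy and the emoji heuristic are all assumptions.

```python
import tempfile
import unicodedata
from pathlib import Path

# Constructed sample records; the id/name/attributes shape is an assumption.
SAMPLE = {
    "azure-ad": [
        {"id": "ent-001", "name": "Finance Readers", "attributes": {"dirSyncEnabled": None}},
        {"id": "ent-002", "name": "Synced-HR", "attributes": {"dirSyncEnabled": True}},
        {"id": "ent-003", "name": "Party Team \U0001F389", "attributes": {}},
    ],
    "hr-app": [{"id": "ent-101", "name": "Payroll Admin", "attributes": {}}],
}

def has_emoji(name):
    """Heuristic: treat symbol-class or non-BMP characters as emoji."""
    return any(unicodedata.category(c) == "So" or ord(c) > 0xFFFF for c in name)

def is_approved(ent):
    """Hypothetical policy: emoji-free names, and dirSyncEnabled is not true."""
    if has_emoji(ent["name"]):
        return False
    return ent.get("attributes", {}).get("dirSyncEnabled") is not True

def write_approved(source, entitlements, out_dir):
    """Write one file per source with one approved entitlement ID per line."""
    path = Path(out_dir) / f"{source}.approved.txt"
    ids = [e["id"] for e in entitlements if is_approved(e)]
    path.write_text("\n".join(ids) + "\n", encoding="utf-8")
    return path

def load_approved(out_dir):
    """Combine every per-source file into a single set of approved IDs."""
    approved = set()
    for f in sorted(Path(out_dir).glob("*.approved.txt")):
        lines = f.read_text(encoding="utf-8").splitlines()
        approved.update(line.strip() for line in lines if line.strip())
    return approved

def reviewable(candidate_ids, approved):
    """Keep only review candidates that appear on the approved list."""
    return [i for i in candidate_ids if i in approved]

def demo():
    with tempfile.TemporaryDirectory() as out_dir:  # stands in for the shared location
        for source, ents in SAMPLE.items():
            write_approved(source, ents, out_dir)
        approved = load_approved(out_dir)
    candidates = ["ent-001", "ent-002", "ent-003", "ent-101", "ent-999"]
    return reviewable(candidates, approved)

if __name__ == "__main__":
    print(demo())
```

Because the cross-reference is an allowlist, an entitlement that never passed the nightly filter (here `ent-999`) is left off the review by default.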