Group Aggregation Filters

Hey everyone,

I’ve been trying to apply a group aggregation filter to our Azure AD source in IdentityNow. The only thing I’ve been able to enter without running into a Java language exception is

dirSyncEnabled ne true

I’m getting my group attributes from this documentation here

https://documentation.sailpoint.com/connectors/microsoft/azure_ad/help/integrating_azure_active_directory/group_attributes.html

But when I use other attributes/conditions like

groupTypes eq group

or

description eq test

I get a Java language error. I’m stumped as to why dirSyncEnabled seems to work but none of the other attributes in this documentation work. I’ve also tried grabbing attribute names directly from imported entitlements instead of this documentation on group schemas but still have the same result.

Hi Conner. Can you please share the error message?

@colin_mckibben Sure, here it is

Exception during aggregation of Object Type group on Application New Azure AD [source]. Reason: java.lang.RuntimeException: An error occurred while aggregating Application New Azure AD [source]

Do you know if there’s a way for me to obtain a more detailed error message with an API call or something?

If you haven’t already, I recommend opening a support ticket. Our support team is better equipped to investigate your tenant and OOTB connectors like Azure AD to find the root cause.

And if you do solve your problem, please update this topic with the solution to help others in the future.

Were you able to resolve this error?

Yes and no. The aggregation filtering in the SailPoint GUI itself is pretty limited but I was able to implement a much more robust filtering system by doing the following.

  1. Run a nightly script that reaches out to all sources I care about and pulls in all their entitlements.
  2. Run an API call on each of those entitlements to get full details on them.
  3. Inspect the results and filter the ones I don’t want out.
  4. Build a file in a shared network location that has a list of all entitlement IDs that we’re okay with including on reviews.
  5. On a script that we were already using to create reviews, which gathered entitlements to include on those reviews, I just added a step that combines all the approved entitlement ID files created in the steps above and then cross-references those IDs to only review approved entitlements.
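
An added illustration of steps 3 to 5 above, written for this page; it is not the poster's script and makes no SailPoint API calls. The record layout, file naming, and the two exclusion rules are assumptions, using the attribute names mentioned earlier in the thread.

```python
import json
import tempfile
from pathlib import Path

# Constructed sample of step 2 output (full entitlement details per source).
# The record layout is an assumption; the attribute names come from the thread.
DETAILS = {
    "azure-ad": [
        {"id": "ent-001", "name": "Finance-Approvers",
         "attributes": {"dirSyncEnabled": False, "description": "Finance approvals"}},
        {"id": "ent-002", "name": "OnPrem-Synced",
         "attributes": {"dirSyncEnabled": True, "description": "Synced from AD"}},
        {"id": "ent-003", "name": "Sandbox",
         "attributes": {"dirSyncEnabled": False, "description": "test"}},
    ],
    "other-source": [{"id": "ent-101", "name": "Admins", "attributes": {}}],
}

def rejection_reason(ent):
    """Step 3: return why an entitlement is excluded, or None to keep it."""
    attrs = ent.get("attributes", {})
    if attrs.get("dirSyncEnabled") is True:  # hypothetical rule
        return "dirSyncEnabled is true"
    if (attrs.get("description") or "").strip().lower() == "test":  # hypothetical rule
        return "description is test"
    return None

def write_approved(source, entitlements, out_dir):
    """Step 4: write one approved-ID file per source; return the exclusions."""
    reasons = {e["id"]: rejection_reason(e) for e in entitlements}
    approved = sorted(i for i, r in reasons.items() if r is None)
    (Path(out_dir) / f"{source}.approved.json").write_text(json.dumps(approved))
    return {i: r for i, r in reasons.items() if r}

def load_approved(out_dir):
    """Step 5: combine every approved-ID file into one set."""
    files = Path(out_dir).glob("*.approved.json")
    return {i for p in files for i in json.loads(p.read_text())}

def select_for_review(candidate_ids, approved):
    """Step 5: keep only candidates on the approved list, in original order."""
    return [i for i in candidate_ids if i in approved]

def run_demo():
    with tempfile.TemporaryDirectory() as out_dir:  # stands in for the shared location
        excluded = {}
        for source, ents in DETAILS.items():
            excluded.update(write_approved(source, ents, out_dir))
        candidates = ["ent-001", "ent-002", "ent-101", "ent-999"]
        picked = select_for_review(candidates, load_approved(out_dir))
    return picked, excluded
```

An ID that appears in no approved file (`ent-999` here) is dropped, so a missing or stale file silently shrinks review scope; keeping the returned exclusion reasons gives an audit trail of what was left out and why.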

Hey Conner,

For the Java error, just check that the name of the entitlement in Azure does not contain emojis. IdentityNow does not support emojis and gives a Java error during aggregation.

Thanks
