How to assign a manager (standard account) during privileged account creation in Azure AD

This is our account filter condition in the source aggregation settings:

not(endsWith(userPrincipalName,'#EXT#@domain.onmicrosoft.com')) AND endsWith(userPrincipalName,'-c@domain.onmicrosoft.com')

Sample manager UPN: abc.xyz@domain.onmicrosoft.com

We are able to assign the manager in the target Azure AD, but the provisioning request is not successful, and the account is not aggregating in SailPoint. We are getting the exception below:

Exception occurred in Iterate Objects. Error message - sailpoint.connector.ConnectorException: Exception occurred in processReadRequest. Error - Response Code - 400 Error - 400 Operator 'endsWith' is not supported because it is used with the property 'manager' in $expand which requires $levels inside $expand.

Hello,

Remove the "manager" attribute from the Account Schema and run the Azure AD aggregation.

The manager attribute is actually causing the issue with your Filter.

Reason:

Microsoft Graph doesn't allow combining endsWith with an expanded navigation property like manager unless the expand includes a $levels clause.

Regards,

Rohit Wekhande.

Thanks Rohit!!

As suggested, if we remove the manager from the Account Schema, then how do we set the manager attribute and its value in the target for an account?