Query on Group Filters in Azure AD

Which IIQ version are you inquiring about?

IdentityIQ 8.3p2

Hello All,

We need to aggregate a single group from Azure AD to SailPoint. As we are unable to test it in non-prod, we need suggestions to confirm whether this filter will work to aggregate a single group.

image

Hi @DharshiniB ,

The filter below only aggregates the specified group name.

<entry key="groupFilters" value="displayName eq  &apos;Test-Group&apos;"/>

<entry key="groupFilters" value="displayName eq  'Test-Group'"/>
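An added example, not part of any reply in this thread: it shows that the two entry spellings posted above parse to the same filter string, and builds a read-only Microsoft Graph URL for checking which groups a filter matches before running aggregation. It assumes the connector applies groupFilters as a Graph $filter on /groups (the thread does not state this); the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Constructed sample: the two <entry> forms quoted in this thread.
ENTRIES = [
    '<entry key="groupFilters" value="displayName eq  &apos;Test-Group&apos;"/>',
    "<entry key=\"groupFilters\" value=\"displayName eq  'Test-Group'\"/>",
]

# Assumption: the filter is evaluated against the Graph groups collection.
GRAPH_GROUPS = "https://graph.microsoft.com/v1.0/groups"


def filter_from_entry(entry_xml):
    """Return the groupFilters value as an XML parser delivers it."""
    elem = ET.fromstring(entry_xml)
    if elem.tag != "entry" or elem.get("key") != "groupFilters":
        raise ValueError("not a groupFilters entry")
    return elem.get("value")


def odata_literal(name):
    """Quote a display name for OData: wrap in ' and double any embedded '."""
    return "'" + name.replace("'", "''") + "'"


def display_name_filter(name):
    """Build an exact-match filter on displayName (hypothetical helper)."""
    return "displayName eq " + odata_literal(name)


def graph_check_url(odata_filter):
    """Read-only Graph query listing the groups the filter matches."""
    return (GRAPH_GROUPS + "?$filter=" + quote(odata_filter, safe="")
            + "&$select=id,displayName")


if __name__ == "__main__":
    for entry in ENTRIES:
        print(repr(filter_from_entry(entry)))
    print(graph_check_url(display_name_filter("Test-Group")))
```

Running the printed URL in Graph Explorer with an account that holds Group.Read.All shows how many groups the filter returns without touching IdentityIQ.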

Hi @Arun-Kumar ,
You mean it will only aggregate that single group?

Hi @DharshiniB ,

Yes, only groups with the display name “Test-Group” will be included in the aggregation process. The filter narrows down the scope of the aggregation to include only the group(s) with the specific display name you provided.


@Arun-Kumar Thank you for the response

Hi @Arun-Kumar ,

I tried with the same filter, but it seems like it’s getting several groups.

Hi @DharshiniB

Can you please try with the line below?

image

If that doesn’t work, try with

image

Replace TEST with actual group display name.

Hi Arpitha, sorry, I think the script is not coming up. Can you insert it as a picture?

@DharshiniB Edited the previous reply. Please check.


Hi @DharshiniB ,

In the group aggregation, choose “Object types” as the group. This will ensure that only the group is scanned.

Try with this filter and object type as group in group aggregation.

<entry key="groupFilters" value="displayName eq  &apos;Test-Group&apos;"/>

@DharshiniB Has it worked?

Hi @Arpitha1 Actually, I didn’t get any error, but the group was also not coming up in SailPoint after aggregation.

Hi All,
It seems that because the aggregate all groups parameter is not present in the application XML, we were not able to see the group in SailPoint. Is this the correct way of adding this?

Hi @DharshiniB ,

The group aggregation task, by default, aggregates all object types configured within the application.
Could you please check the application schema to confirm whether the object type “group” is configured?
If the schema (Object Type: group) is configured, enable the “Filter Object Type” option in the group aggregation task, select “Group,” and then run the task.

Hi @Arun-Kumar ,
Yeah, we have the object type group configured in our schema. I have tried selecting this option in the task, but the group was still not coming up in SailPoint. I have attached a screenshot of the group aggregation task; it’s just scanning, and I was not able to see any account get updated.

Hi @DharshiniB ,

Ensure the correct permissions (Group.Read.All) are granted to read the group.

Please refer to this.
If possible, please share the app XML file.

Hi @Arun-Kumar ,
Yeah, we have assigned those permissions. I’m attaching the application XML.
Application-AzureAD.xml (261.8 KB)

Hi @DharshiniB ,

I am successfully aggregating the groups using the attached application XML. I suspect there may be a permission issue. Could you please verify the permissions again?

Regards,
Arun

Hi @Arun-Kumar ,
Okay, we are checking with our Azure team on this.
One more query: do you have any idea what attribute we need to set for creating a custom domain in the mail address instead of onmicrosoft.com?