SailPoint ISC - Need help with provisioning B2B users via Microsoft Entra ID SaaS ConnectorNeed help with provisioning B2B users via Microsoft Entra ID SaaS Connector

Identity Security Cloud (ISC) ISC Discussion and Questions
, , ,
1

Hi SailPoint Community,

I’m reaching out to ask for your support and insights on an issue I’m encountering with the Microsoft Entra ID SaaS connector in IdentityNow.

:white_check_mark: What I’ve done so far:

  • Successfully integrated Microsoft Entra ID with IdentityNow following the official guide:
    Integration documentation
  • Completed App Registration in Entra ID and granted the required API permissions:
    Directory.Read.All and Directory.ReadWrite.All
    Permissions reference
  • Aggregation of accounts and entitlements is working as expected.

:bullseye: My goal:
I need to provision B2B (guest) users from Identity Security Cloud (ISC) .

:hammer_and_wrench: Create B2B Provisioning Policy configuration:

:police_car_light: The issue:
When I try to assign an Entra ID entitlement (e.g., Security Administrator or any other type of entitlement) to trigger the creation of a B2B account via the previously defined provisioning policy, I get a generic error with no detailed message or logs

image
image958×469 19.9 KB

image
image958×514 32.3 KB

:man_raising_hand: Has anyone else run into this issue?
I’d really appreciate any guidance, suggestions, or even things to double-check in the provisioning flow.

Thanks in advance for your help!

Kind regards,
Paolo

2

Please ensure “accountType” is set to this:

Default is User

To create Guest User (B2B), set this value to Guest User B2B.

Please refer to this page:

3

Thanks for the reply!

Yes, I can confirm that I have followed the documentation exactly as described — including setting the accountType to “Guest User B2B” in the provisioning policy.

As I mentioned in the original post, I based my configuration on the Create Guest User (B2B) Account Policy documentation and also shared a screenshot of the provisioning policy to reflect this setup.

Despite this, when I attempt to assign an Entra ID entitlement (e.g., Security Administrator ), the account is not created and I receive a generic error with no details or logs.

Any further suggestions on what else I could check or troubleshoot would be greatly appreciated!

Thanks again,
Paolo

4

The reason I was asking on the accountType is because your screenshot of the Create Policy still shows “User” as the value to put for accountType, and the screenshot from search shows the same.

Can you double check?

5

Hi,
Thanks for your prompt reply! :blush:

I confirm that the accountType is now correctly set to “Guest User B2B”.

image
image963×642 40.8 KB

Unfortunately, the add entitlement request is still failing , even with this configuration. :confused:

Any further suggestions or ideas on what else I could look into would be greatly appreciated.