Here are my tests with Entra ID SaaS connector:
Test 1:
Test 1: string null --> "null"
[2025-07-09T16:36:38.631-04:00] INFO | connectorMessage ▶︎ {"AppType":"Microsoft Entra","commandType":"std:account:update","invocationId":"id","message":"primaryData - {\"companyName\":\"null\"}","requestId":"id,"timestamp":"2025-07-09T20:28:45.906Z","version":45}
response to get attributes via postman:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(department,jobTitle,companyName)/$entity",
"department": null,
"jobTitle": null,
"companyName": "null"
}
In transform the value is set to:
{
"type": "static",
"attributes": {
"value": "null"
}
}
Test 2:
Test 2: value null --> null
There is no log entry
value of the attribute did not change. confirmed via postman call
Transform has:
{
"type": "static",
"attributes": {
"value": null
}
}
Test 3:
Test3: Empty string --> ""
There is no log entry
value of the attribute did not change. confirmed via postman call
Transform has:
{
"type": "static",
"attributes": {
"value": ""
}
}
so, here are my conclusions so far:
- “” and null are ignored by the attribute sync(Entra ID connector), however, the events show PASSED.
- “null” string(with quotes) sends the same value and this is of no use.
- Epic has similar issue - Clear attribute value using attribute sync - #3 by SBahl
- SNOW has similar issue - this discussion
- Entra ID has similar issue - this post
- But its mentioned here that null values will sync: https://community.sailpoint.com/t5/Identity-Security-Cloud-Updates/Updates-to-Attribute-Synchronization-Null-Sync-Support/ba-p/222586
Question:
So is the path forward only a workflow that triggers on the attribute change and we use the http action, directly call the entra id api to sync these values?
Note: All the SaaS logs are obtained from the CLI