I have an authoritative source that has a little under 600.000 accounts on it. I am testing out a filterString on my Sandbox environmnet to prevent users that have an end date before 01-11-2025 from coming in. This should leave me with around 100.000 - 150.000 users there.
The issue that I am running into is that whenever I run an aggregation I am getting a warning that the threshold has been reached even at 99% (Screenshot).
Is there a way to tell WHY these accounts meet the criteria to be deleted?
I attempted to turn the delete off and it took 17 seconds and scanned 0 accounts and have confirmed that the connection is working between ISC and the source.
I am baffled on what is happening here and would like to resolve so I can continue my testing.
I had removed the filterString for that screenshot, so it was the base connector settings that had worked a few weeks ago.
What I was going to use was:
“filterString”: “metroenddat < \"20251101\"”
This is similar to another filterString I used for a different source. The difference is the source in question here is an in-house application, the other was SAP HR. That looked like:
Since you confirmed this is a sandbox, it might be a target application permissions issue. If the end system doesn’t have the necessary permissions, it will return empty records. Since you confirmed the same filter worked a couple of days ago, check with the app team for any changes made on the target application side.
@michael_mckeehan Might be some strange bug. Have you tried to delete the connector and re-create for the same target source again, in case that you are sure that permissions from the app end are fine?
Hi @michael_mckeehan Let’s do one thing here, take it out of the string and see whether the data is returned or not. Then, see the values of the accounts attributes, and based on that, you construct the above filter. I’m sure with the filter, the data returned 0 records, which is why you reached the maximum threshold value and skipped the process.
@markomanium, I am hesitant to remove the source and add it back because it is our primary source. While this is being depricated this year (hopefully) it will remove 90% of the identites from the environment.
It is a homegrown solution and a fickle beast. but I will take it back to the other engineers.
@Peddapolu the string has been deleted with aggregations and same result.
@michael_mckeehan Oh sorry, I thought you’re aggregating for the first time. That means that aggregation worked in the past (as you already have identities created by that auth. source). I can only think of that some limitation exists on the application end itself. Or try without a filter as suggested by @Peddapolu above.
@michael_mckeehan The application data isn’t being returned. Check with the app team for this application to see if the SailPoint user has the required privileges.
