Saviynt Forums

ssrnitish · ‎10/11/2023

Hi All,

We are trying to import selective accounts from Azure AD using ACCOUNTS_FILTER configuration within the connection.

We are using filter based upon userPrincipalName. Below few of the filters we tried to configure.

startsWith(userPrincipalName,'test.test@abc.com')

userPrincipalName in ('test.test@abc.com', 'test.test2@abc.com', 'test.it@abc.com')

Both the above filters are working if we are running the FULL Account import job and only importing the specific accounts mentioned within the Filter.

But, when we are executing the Incremental Account import job, we are always getting some anonymous accounts which are not supposed to get imported as per the defined filter criteria.

Note: As per Saviynt documentation 23.x, we also tried to change the syntax format of Accounts_Filter query by mentioning unicoded values inside the syntax, but we are still getting accounts outside the defined filter criteria.

Saviynt Doc -> Azure AD Integration Doc 23.x V

As i said above, filter is working with Full Import job, but failing to get the desired outcome with Incremental Import job. We are using EIC 23.9v.

Any pointer to fix above would be helpful.

Thanks,

Nitish

Darshanjain · ‎10/16/2023

Hi @ssrnitish

Yes currently the Azure AD using accounts_filter doesn't support incremental recon and only supports full Recon. This is due to the fact that the delta token url does not support filters and hence the value of delta token won't be updated as per the filters provided. Instead it will bring in and store all the data and use same for incremental import.

Thanks

Darshan

alex1 · ‎10/17/2023

Hi @Darshanjain !
From the azure integration documentation it says that it is supported:

So I assume that this is completely wrong then? (see https://docs.saviyntcloud.com/bundle/AzureAD-v23x/page/Content/Configuring-the-Integration-for-Accou...)

Darshanjain · ‎10/17/2023

Hi @alex1

Incremental works when basic filter is used as the token is not in picture but when you are using advance filter then it doesn't work , I think this is missing in documentation, will get this updated.

Thanks

Darshan

alex1 · ‎10/17/2023

Thanks @Darshanjain

Just curious though, aren't the examples in thread only using basic filters?

startsWith(userPrincipalName,'test.test@abc.com')

userPrincipalName in ('test.test@abc.com', 'test.test2@abc.com', 'test.it@abc.com')

I cannot see that those filters are advanced as they are supported under the basic table as seen here:
https://learn.microsoft.com/en-us/graph/filter-query-parameter?tabs=http

Of course I assume that it has been url-encoded as mentioned in the thread

Darshanjain · ‎10/17/2023

Hi @alex1

My bad i thought to you are using advance filters, then it looks like some issue then as it should import incremental recon using filters, can you open a ticket and our team will check the logs and see

Thanks

Darshan

alex1 · ‎10/17/2023

@Darshanjain All logs and configurations have been provided in ticket: 2004597

Thanks for you reply!

rushikeshvartak · ‎10/17/2023

Incremental Import does not work with basic configuration also (v23.6) , We also rollbacked configuration from Prod due to same issue.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

alex1 · ‎10/18/2023

@rushikeshvartak Thanks for the information! Did you create a ticket about it as well? In that case the limitation has been known for several months.

Saviynt Forums

Azure AD ACCOUNTS_FILTER Not working