11/16/2023 07:24 AM
Hello,
We have recently implemented an Azure AD connector within a client's pre-prod Saviynt environment. To validate that the incremental access import job was functioning as expected, we made changes to some test accounts within Azure AD and then ran the access import job twice.
When we ran the import job, the changes made in Azure AD did not reflect in Saviynt. We performed the following troubleshooting steps:
1. Verified that the connection was successful
2. Verified that the JSONs used in the connection are correct in terms of their syntax.
3. Performed tests with the incremental account import to verify that the above are correct. These were successful and reflected account changes made to the source data in Saviynt.
4. Verified that the incremental access import job was configured successfully and that the status of the job was successful when run.
5. Verified that the delta token was saved as part of the incremental access import and was updating after successive runs of the job.
6. Investigated the logs to identify if there are any errors present. There were none that I could identify that correspond to the Azure AD incremental access import job.
7. Using the Microsoft Graph API, I ran multiple API calls (using Postman) to the Azure AD source that we are using to verify that the delta token stored in the job history reflected the changes we expected to see. These API calls were successful and reflected the group membership changes made in the source by the Third Party Vendor.
Please can you assist?
11/16/2023 10:16 PM
What is the error?
11/17/2023 07:21 AM
Hi @rushikeshvartak,
There is no error flagged in the logs or when we run the job via the job control panel. The only way that we know that there is an error is that we made changes to the source data (Azure AD / Entra ID) and those changes aren't reflecting in Saviynt.
11/20/2023 03:06 AM
@rushikeshvartak please see attached logs if that is of use.
12/06/2023 02:36 AM
@rushikeshvartak any update on this?
12/11/2023 10:20 AM
Please confirm below
12/11/2023 10:15 AM
Can you confirm:
1. Whether you have defined any value under Import Config in the trigger for the incremental import.
2. What changes you made to the groups in the target before running the incremental import.
3. What value is defined for ENTITLEMENT_FILTER_JSON.
12/12/2023 02:23 AM
Hi @rushikeshvartak, see responses to your questions below.
1. Entitlement filter in connection: No, we are not using a filter; we intend to import all entitlements. For the accounts, we are using a filter to exclude the service accounts until a later date.
2. Are you looking for the configuration of the import job itself? Also, we are not using Custom_Access for this import.
Hi @SB, see responses to your questions below.
1. For the import config, are you talking about the configuration for the import job itself or are you talking about the configJSON attribute in the connection?
2. The only change we made to the groups was altering the group membership for some of the test accounts we are using. Effectively just removing them from one group and adding them into another.
3. ENTITLEMENT_FILTER_JSON is currently blank as we want to import all of the entitlements.
12/18/2023 08:11 AM
@rushikeshvartak @SB, can I get an update on this?
12/18/2023 08:57 AM
Please share the connection config with confidential info masked and a job screenshot in a Word doc.
12/19/2023 06:50 AM
Hi @rushikeshvartak, there is not a single connection config parameter. Do you want all the individual parameters in the connection?
12/19/2023 08:54 AM
Full connection page screenshot
12/20/2023 03:21 AM
12/20/2023 10:45 AM
Job configs
12/21/2023 05:09 AM
See screenshot
12/21/2023 10:48 AM
Can you try custom access import?
01/10/2024 02:13 AM
Hi @rushikeshvartak, this fix seemed to work. Thanks for the help.