We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Azure AD Incremental Access Import Error

Alex_Terry
Regular Contributor
Regular Contributor

Hello, 

We have recently implemented an Azure AD connector within a client's pre-prod Saviynt environment. To validate that the incremental access import job was functioning as expected we made changes to some test accounts within Azure AD and then ran the access import job twice. 

When we ran the import job, the changes made in Azure AD did not reflect in Saviynt. We performed the following troubleshooting steps:

1. Verified that the connection was successful

2. Verified that the JSONs used in the connection are correct in terms of their syntax.

3. Performed tests with the incremental account import to verify that the above are correct. These were successful and reflected account changes made to the source data in Saviynt.

4.  Verified that the incremental access import job was configured successfully and that the status of the job was successful when run.

5. Verified that the delta token was saved as part of the incremental access import and was updating after successive runs of the job. 

6. Investigated the logs to identify if there are any errors present. There were none that I could identify that correspond to the Azure AD incremental access import job. 

7. Using the Microsoft Graph API I ran multiple API calls (using postman) to the Azure AD source that we are using to verify that the delta token stored in the job history reflected the changes we expected to see. These API calls were successful and reflected the group membership changes made in the source by the Third Party Vendor.

Please can you assist?

16 REPLIES 16

rushikeshvartak
All-Star
All-Star

What is error ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @rushikeshvartak

 

There is no error flagged in the logs or when we run the job via the job control panel. The only way that we know that there is an error is that we made changes to the source data(Azure AD/ Entra ID) and those changes aren't reflecting in Saviynt.

Alex_Terry
Regular Contributor
Regular Contributor

@rushikeshvartak please see attached logs if that is of use.

Alex_Terry
Regular Contributor
Regular Contributor

@rushikeshvartak any update on this?

Please confirm below

  • Are you using Account/Entitlement Filter in connection
  • Please share config json from Job when u run Custom_Access for Ent import of Azure

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

SB
Saviynt Employee
Saviynt Employee

Can you confirm

1. If you have defined any value under Import Config in the trigger for Incremental import.

2. What changes did you make to the Groups in target before running the incremental import.

3. what value is defined for ENTITLEMENT_FILTER_JSON 


Regards,
Sahil

Alex_Terry
Regular Contributor
Regular Contributor

Hi @rushikeshvartak , see responses to your questions below.
1. Entitlement filter in connection: No we are not using a filter, we intend to import all entitlements. For the accounts we are using a filter to exclude the service accounts until a later date.
2. Are you looking for the configuration of the import job itself? Also we are not using Custom_Access for this import.

Hi @SB , see responses to your questions below.
1. For the import config are you talking about the configuration for the import job itself or are you talking about the configJSON attribute in the connection?
2. The only changes we made to the groups was altering the group membership for some of the test accounts we are using. Effectively just removing them from one group and adding them into another.
3. ENTITLEMENT_FILTER_JSON is currently blank as we want to import all of the entitlements.

@rushikeshvartak @SB, can I get an update on this?

Please share connection config with masked confidential info and Job screenshot in word doc


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @rushikeshvartak, there is not a single connection config parameter. Do you want all the individual parameters in the connection?

Full connection page screenshot


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Alex_Terry
Regular Contributor
Regular Contributor

@rushikeshvartak, please find attached

Job configs


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Alex_Terry
Regular Contributor
Regular Contributor

See screenshot

Alex_Terry_0-1703164156850.png

 

Can you try custom access import


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Alex_Terry
Regular Contributor
Regular Contributor

Hi @rushikeshvartak, This fix seemed to work. Thanks for the help.