Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Azure AD Incremental Access Import Error

Go to solution
Alex_Terry
Regular Contributor
Regular Contributor

‎11/16/2023 07:24 AM

Hello, 

We have recently implemented an Azure AD connector within a client's pre-prod Saviynt environment. To validate that the incremental access import job was functioning as expected we made changes to some test accounts within Azure AD and then ran the access import job twice. 

When we ran the import job, the changes made in Azure AD did not reflect in Saviynt. We performed the following troubleshooting steps:

1. Verified that the connection was successful

2. Verified that the JSONs used in the connection are correct in terms of their syntax.

3. Performed tests with the incremental account import to verify that the above are correct. These were successful and reflected account changes made to the source data in Saviynt.

4.  Verified that the incremental access import job was configured successfully and that the status of the job was successful when run.

5. Verified that the delta token was saved as part of the incremental access import and was updating after successive runs of the job. 

6. Investigated the logs to identify if there are any errors present. There were none that I could identify that correspond to the Azure AD incremental access import job. 

7. Using the Microsoft Graph API I ran multiple API calls (using postman) to the Azure AD source that we are using to verify that the delta token stored in the job history reflected the changes we expected to see. These API calls were successful and reflected the group membership changes made in the source by the Third Party Vendor.

Please can you assist?

0 Kudos
16 REPLIES 16

Go to solution
rushikeshvartak
All-Star
All-Star

‎11/16/2023 10:16 PM

What is error ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Alex_Terry
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎11/17/2023 07:21 AM

Hi @rushikeshvartak

 

There is no error flagged in the logs or when we run the job via the job control panel. The only way that we know that there is an error is that we made changes to the source data(Azure AD/ Entra ID) and those changes aren't reflecting in Saviynt.

0 Kudos

Go to solution
Alex_Terry
Regular Contributor
Regular Contributor

‎11/20/2023 03:06 AM

@rushikeshvartak please see attached logs if that is of use.

Preview file
2288 KB
Preview file
2436 KB
0 Kudos

Go to solution
Alex_Terry
Regular Contributor
Regular Contributor

‎12/06/2023 02:36 AM

@rushikeshvartak any update on this?

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Alex_Terry

‎12/11/2023 10:20 AM

Please confirm below

  • Are you using Account/Entitlement Filter in connection
  • Please share config json from Job when u run Custom_Access for Ent import of Azure

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
SB
Saviynt Employee
Saviynt Employee

‎12/11/2023 10:15 AM

Can you confirm

1. If you have defined any value under Import Config in the trigger for Incremental import.

2. What changes did you make to the Groups in target before running the incremental import.

3. what value is defined for ENTITLEMENT_FILTER_JSON 


Regards,
Sahil
0 Kudos

Go to solution
Alex_Terry
Regular Contributor
Regular Contributor

‎12/12/2023 02:23 AM

Hi @rushikeshvartak , see responses to your questions below.
1. Entitlement filter in connection: No we are not using a filter, we intend to import all entitlements. For the accounts we are using a filter to exclude the service accounts until a later date.
2. Are you looking for the configuration of the import job itself? Also we are not using Custom_Access for this import.

Hi @SB , see responses to your questions below.
1. For the import config are you talking about the configuration for the import job itself or are you talking about the configJSON attribute in the connection?
2. The only changes we made to the groups was altering the group membership for some of the test accounts we are using. Effectively just removing them from one group and adding them into another.
3. ENTITLEMENT_FILTER_JSON is currently blank as we want to import all of the entitlements.

0 Kudos

Go to solution
Alex_Terry
Regular Contributor
Regular Contributor
In response to Alex_Terry

‎12/18/2023 08:11 AM

@rushikeshvartak @SB, can I get an update on this?

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Alex_Terry

‎12/18/2023 08:57 AM

Please share connection config with masked confidential info and Job screenshot in word doc


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Alex_Terry
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎12/19/2023 06:50 AM

Hi @rushikeshvartak, there is not a single connection config parameter. Do you want all the individual parameters in the connection?

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Alex_Terry

‎12/19/2023 08:54 AM

Full connection page screenshot


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Alex_Terry
Regular Contributor
Regular Contributor

‎12/20/2023 03:21 AM

@rushikeshvartak, please find attached

Preview file
2349 KB
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Alex_Terry

‎12/20/2023 10:45 AM

Job configs


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Alex_Terry
Regular Contributor
Regular Contributor

‎12/21/2023 05:09 AM

See screenshot

Alex_Terry_0-1703164156850.png

 

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Alex_Terry

‎12/21/2023 10:48 AM

Can you try custom access import


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Go to solution
Alex_Terry
Regular Contributor
Regular Contributor

‎01/10/2024 02:13 AM

Hi @rushikeshvartak, This fix seemed to work. Thanks for the help.

 

0 Kudos
Copyright © 2024 Khoros, LLC