Saviynt Forums

rajat1996 · ‎11/01/2023

Hi,

We have configured azure AD ootb connector for recon of accounts and access in our environment.

The jobs gets created automatically by the connector.

Now the incremental job is failing. I am attaching the errors below.

Since these jobs are not configured manually , they are created automatically by the connector. If anyone has faced such

Manu269 · ‎11/01/2023

@rajat1996

if you are using Accounts / Entitlement filter then you can't use incremental import

Note

Review the following considerations when using this parameter:

Use this parameter only when you are performing a full import of access.

Do not use the incremental import feature when you use this parameter to filter AAD groups.
The connector deactivates AAD groups and their associated accounts and entitlements that do not satisfy the filter criteria specified in this parameter.

Azure AD supports incremental import for only users and groups. When you run the incremental import, it performs a full import for other entitlement types and an incremental import for users and groups.

https://docs.saviyntcloud.com/bundle/AzureAD-v23x/page/Content/Import-Recommendations.htm

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

poonammhetre · ‎11/01/2023

@Manu269

We are not using any account/entitlement filter in the connection. Do you any pointers on below error?

https://graph.microsoft.com/beta/servicePrincipals?$top=999$skiptoken=RFNwdAIAAQAAADVTZXJ2aWNlUHJpbm..., Error Message - {"error":{"code":"BadRequest","message":"Invalid value '999$skiptoken=RFNwdAIAAQAAADVTZXJ2aWNlUHJpbmNpcGFsXzVjNDEwZGE5LWIyYTUtNDM1ZS05NGU4LWM4OTllM2NmOWZjMDVTZXJ2aWNlUHJpbmNpcGFsXzVjNDEwZGE5LWIyYTUtNDM1ZS05NGU4LWM4OTllM2NmOWZjMAAAAAAAAAAAAAAA' for $top query option found. The $top query option requires a non-negative integer value.","innerError":{"date":"2023-11-02T00:01:12","request-id":"e2d4f7ab-a2b4-4403-bd5f-f621ae2a1b12","client-request-id":"37ce60c5-9830-4981-a36d-45b9a2d0604c"}}}"

Thanks,

Poonam

SumathiSomala · ‎11/02/2023

@rajat1996 @poonammhetre

Are you using ENTITLEMENT_FILTER_JSON in connection?then incremental import doesnot work.

Are you using Import Config in Job details page ?then also incremental import doesnot work.

Import Config: Specify the entitlement types that you want to import and exclude in importEntTypes and excludeEntTypes in the JSON format.

Configuring the Integration for Account and Group Import (saviyntcloud.com)

In Log details page screenshot I can see you are importing Custom_access(Import Type ) .

Regards,
Sumathi Somala

poonammhetre · ‎11/02/2023

@SumathiSomala Yes, we are using custom access in incremental access job. Could you please point out to the documentation where it is mentioned that incremental import will not work in case of custom access import?

Thanks,

Poonam

SumathiSomala · ‎11/02/2023

@poonammhetre Already i have attached the screenshots.

If you specify the ENTITLEMENT_FILTER_JSON element in Application Data Import job then also it will not work

example:

{

"importEntTypes": {

"AADGroup": {}

},

"ENTITLEMENT_FILTER_JSON": {

"group_filter":"startswith(displayname,'AZ')&$count=true"

}

Specifying the filter conditions using the ENTITLEMENT_FILTER_JSON element of the Application Data Import job is deprecated in Release v2022.0.1.

Could you please share your Import Config?

Regards,
Sumathi Somala

poonammhetre · ‎11/02/2023

@SumathiSomala

Please find below import config.

{
"importEntTypes": {
"AADGroup": {},
"ApplicationInstance": {},
"DirectoryRole": {},
"Subscription": {},
"Application": {},
"DirectoryRoleMember": {},
"SKU": {},
"ServicePlans": {},
"MemberPermission": {},
"GuestPermission": {}
},
"excludeEntTypes": {
"Team": {},
"Channel": {}
}
}

Thanks,

Poonam

Saviynt Forums

Azure AD incremental job failure