Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Entra ID / Azure AD via Application Integration - Provisioning issues

Murmur
Regular Contributor III
Regular Contributor III

Hi everyone, 

I'm currently working on the integration of Entra ID into Saviynt to be able to provision accounts into Entra ID.

I tried to create a new App instance via Design > Microsoft Azure AD.

After filling out and successfully testing everything in the wizard, I see, that two Connectors (+ Security System + Endpoint) were created. When I click "Save & Test Connection" from Admin > Connectors, both connectors succeed. 

Murmur_0-1695825680834.png

Unfortunately, this does (for unknown reasons) not allow me to provision Accounts to Entra ID yet.

When I go to Design > Application Instance > Advanced and click "Test Connection" for Import Connection, if succeeds, for the Provisioning connection it says "Connection failure, however you can edit this later". The log file does not give me any valuable insights, why it is failing.

Right after that, the Connection Type of the EXTERNALCONNECTION suddenly changed from AzureAD to REST, without me changing / saving anything. I know that sounds weird, but I tried it out several times, even though the change history has another iopinion on that. 

Murmur_1-1695826124971.png

Murmur_2-1695826255171.png

So my questions are: 

  1. Am I missing something obvious for setting up Account Provisioning to Azure AD? 
  2. Are there additional ways to debug this, besides the Logs under Admin > Admin Function > Logs? I already tried to add the "showLogs" value in the ConfigJSON field, but this does not seem to do much. 
  3. Am I the only one with this issue? Especially the unsolicited Connector Type change. 

Thank you in advance for your input everyone 🙂

 

4 REPLIES 4

nimitdave
Saviynt Employee
Saviynt Employee

@Murmur , for Azure AD integration with EIC , Reconciliation is done using AzureAD Connection and provisioning is fulfilled by a REST Connection. So that is the reason you are seeing 2 connection 1 of azuredad and another of REST connection type. 

Murmur
Regular Contributor III
Regular Contributor III

Hi @nimitdave,

Thanks for your reply! 

I'm aware of the fact, that this integration needs two connectors, and in the first screenshot everything looks fine.  

Unfortunately, after clicking Test Configuration under Design > Advanced Configuration > Import / Provisioning Connection, the AzureAD connector suddenly turns into a REST connector and due to that breaks everything.

Murmur
Regular Contributor III
Regular Contributor III

We were able to fix at least the provisioning issue.

We found out, that the Logs are not the gold standard of debugging issues in Saviynt, but the Pending Tasks are, as they give us the return value of the remote REST endpoint, including a error message.

 It would be really helpful, if this could be added to the Connectors FAQ page, or the debugging guide, as it is not very obvious, that Pending Tasks is the first point to check, if something goes wrong. 

The Connector Type change is still weird.

 

Dave
Community Manager
Community Manager

You can provide this feedback directly to the Documentation Team on the Documentation Portal. Navigate to the page(s) that need improving and click the "Feedback" button". 

Docs Feedback.jpg

The documentation team meets regularly to discuss any and all feedback given on the documentation portal.