Saviynt Forums

@JPMac 

Please check if there is any invalid attribute present if you are using the Account_Import_Fields parameter of Azure AD Connection. Also, make sure that you have included the accountEnabled property in Account_Import_Fields.

I checked the mapping provided above too and found that the below mapping fields seem invalid.
hireDate,signInActivity.lastSignInDateTime,physicalDeliveryOfficeName,telephoneNumber

I will recommend checking this as well.

Hi Team, thanks for your response.

Share the contents of the account attribute field.

======
accountEnabled,city,country,department,onPremisesSyncEnabled,displayName,onPremisesLastSyncDateTime,mobilePhone,id,businessPhones,usagelocation,userPrincipalName,userType,givenName,surname,mail,officeLocation,preferredLanguage,onPremisesImmutableId,onPremisesSecurityIdentifier,externalUserState,streetAddress,state,physicalDeliveryOfficeName,postalCode,telephoneNumber,employeeId,signInActivity

======

Something like signInactivity gets the user's last login time and is needed to detective the Dormant Account.

As above, "accountEnabled" is already in.

Regards,

@JPMac 

The Microsoft Graph API does not support retrieving SignInActivity information in the DeltaToken API which Azure AD connector invokes as a first call while Account import. Hence, It is failing to get the delta token with the below error.
And, Azure AD connector uses this delta token while incremental account import to get changes from the last account import.

Invalid request for delta query: for this entity set, $expand/$select is not supported for the following properties: signInActivity

You need to remove the signInActivity attribute from the Account_Import_Fields for incremental import to work.

Hi Team,

This error occurred even before adding SignInActivity to Account Fields. So even if you delete SignInActivity, the issue still occurs.

Regards,

Hi @JPMac 

Please try the below steps.
1. Remove these attributes (hireDate,signInActivity,physicalDeliveryOfficeName,telephoneNumber) from the Account_Attribute Field and mappings as well.
2. Run Full account import.
3. Run Incremental account import.

Share the log if the issue still persists.

@khalidakhter @ We have a requirement to bring physicalDeliveryOfficeName,telephoneNumber

How will we bring this in? We are getting error while running full import with these two fields in it. When we checked the job logs, it seems the api being called is delta. (https://graph.microsoft.com/v1.0/users/delta) is this a standard behavior with Saviynt? 

@shibinvpkvr 

For this, you can use the REST connector to import the above attributes in Saviynt. The OOTB Azure AD connector won't be able to import any attributes which are not supported in Delta API.

@khalidakhter could you please clarify if OOTB connector is using delta API for full import? if yes, what is the difference between full import and incremental import? 

@shibinvpkvr Azure AD connector gets the latest Delta token while full account import and stores it in the database and uses it while Incremental import to get the changes from the last import job.

@khalidakhter ok. so even in full account import, Delta token API being called which does not support physicalDeliveryOfficeName, telephoneNumber attributes. So we cannot include these in import in anyway if we are using OOTB Azure AD connector correct?

Yes, @shibinvpkvr . Right now, you will be able to import only those attributes that are supported in the DeltaToken API.
You can use the REST connector for account import if you want to import the above attribute information.