Additional Configuration Parameters
You must add the following attributes in the connector using the application Debug page in IdentityIQ.
createAppTemplateSPNDelay
(Only applicable for create service principals and applications that are created making use of gallery templates).
The time, in seconds, to wait after the create service principal and application, and before making the update for basic SAML configuration. The default is 24 seconds.
For example, <entry key="createAppTemplateSPNDelay" value="30"/>
performGetObjectForEXOAttributes
To enable / disable reading of exchange online attributes from exchange system (real time exchange online attribute values) during explicit get object call for specified user, set the value of performGetObjectForEXOAttributes attribute to true
<entry key="performGetObjectForEXOAttributes">
<value>
<Boolean>true</Boolean>
</value>
</entry>Note
This configuration parameter is applicable only for get object call. Enabling this configuration parameter will degrade performance of get object calls.
createAccountTimelag
Time in seconds to wait after create account and before calling get account. The default is 20 seconds.
For example, <entry key="createAccountTimelag" value="20"/>
maxReadTimeout
Time in seconds to wait for getting response from the REST call before the read operation times out. The default is 180 seconds.
For example, <entry key="maxReadTimeout" value="200"/>
maxRetryCount
Indicates the number of time read operation must be performed on the errors that appear. The default is 5.
For example, <entry key="maxRetryCount" value="6"/>
retryableErrorsOnAgg
List of errors which must be retried if occurred during aggregation or get operation. Type: List of strings.
userPartitions
List of filters to be used for creating partitions during partitioned aggregation.
For more information, refer to Partitioning Aggregation.
partitionHost
(Applicable only for partitioned account delta aggregation) The partition host is the host on which all delta partitions must be executed. The following is an example for the partitionHost configuration attribute:
<entry key="partitionHost" value= "myhost"/>
skipMailEnabledGroup
If set to true, Mail Enabled Groups is skipped during aggregation. The default value is false.
For example, <entry key="skipMailEnabledGroup" value="true"/>
aggregateAllGroups
If set to true, all types of groups (that are, Security, Office 365 (Unified), Distribution List, Mail Enabled Security) are aggregated. The default value is false.
For example, <entry key="aggregateAllGroups" value="true"/>
fetchB2CMembership
(Applicable for B2C tenant only) If set to true B2C user memberships is fetched for all users. The default value is false.
For example, <entry key="fetchB2CMemberships" value="true"/>
teamsConfiguration
(Applicable only when teamsEnabled is selected for Group creation) Teams configuration with which all teams are created. For more information on the default settings, refer to Additional Configuration Parameters.
createGroupTimelag
Time in seconds to wait after create group and before calling get object. The default is 5 seconds.
For example, <entry key="createGroupTimelag" value="10"/>
useMSGraphAPI
Enables use of Microsoft Graph API for all connector operations.
For example, entry key="useMSGraphAPI" value="true"
msgraph-api-version
The Microsoft Graph API version is configurable.
Add the following entry key in the application debug page:
<entry key="msgraph-api-version" value="v1.0"/>
The value of the attribute must be a valid version stated by Microsoft for MS Graph APIs.
skipEncodingImmutableId
Enable to skip encoding of ImmutableID while creating a federated user. Enable this feature by skipEncodingImmutableID parameter to true. The default value is false.
For example,
<entry key="skipEncodingImmutableId" value="true"/>
retainSPNAppAfterDelete
By default, the connector deletes the application object along with the service principal. When set to true, the connector only deletes the service principal and retains the corresponding application.
supportsAdvancedAccountFilter
If you're using the advanced filters you must add the supportsAdvancedAccountFilter attribute to the application Debug page. The connector will then automatically add the required header (ConsistencyLevel:eventual) in the header and add &$count=true
For example:
<entry key="supportsAdvancedAccountFilter" value="true" />
manageAdminConsentedPermissions
Enable this flag to manage admin consented permissions for service principals by adding the attribute to the application Debug page. For example:
<entry key="manageAdminConsentedPermissions" value="true" />
fetchServicePlan
To disable fetching of service plans during account and group aggregation, set the value of fetchServicePlan to false using the
<entry key="fetchServicePlan">
<value>
<Boolean>false</Boolean>
</value>
</entry>Default Settings for Teams Configuration
Teams can be created by selecting Group Type as Office 365 and selecting teamsEnabled in Group Creation. For Teams creation owner having Teams license must be provided. By default, Teams are created with the following settings:
"memberSettings": {
"allowCreateUpdateChannels": true,
"allowDeleteChannels": true,
"allowAddRemoveApps": true,
"allowCreateUpdateRemoveTabs": true,
"allowCreateUpdateRemoveConnectors": true
},
"guestSettings": {
"allowCreateUpdateChannels": false,
"allowDeleteChannels": false
},
"messagingSettings": {
"allowUserEditMessages": true,
"allowUserDeleteMessages": true,
"allowOwnerDeleteMessages": true,
"allowTeamMentions": true,
"allowChannelMentions": true
},
"funSettings": {
"allowGiphy": true,
"giphyContentRating": "strict",
"allowStickersAndMemes": true,
"allowCustomMemes": true
}
}To create Teams with custom settings, add the following entry key in the application debug page:
<entry key="teamsConfiguration" value="{"memberSettings": {"allowCreateUpdateChannels": false, "allowDeleteChannels": true, "allowAddRemoveApps": false, "allowCreateUpdateRemoveTabs": false, "allowCreateUpdateRemoveConnectors": true}}" />
Note
The custom settings must be in valid JSON format and HTML escaping must be performed before adding to XML, that is, double quotes must be replaced with ".
Note
Team creation within 15 minutes of Microsoft group creation can fail with a 404 error code due to replication delays. If group creation fails, retry with a 10 second delay between calls. The Microsoft Entra ID connector follows this recommended pattern.