Partitioning Aggregation

Important

SailPoint recommends to use aggregation without partitioning, if you want to enable PIM. This is because, aggregation with partitioning enabled, the connector has to fetch the PIM memberships by triggering individual APIs for each user, which takes time and may affect aggregation performance.

On the other hand, aggregation without partitioning, the connector fetches all the PIM memberships of the user using caching mechanism, making the process more efficient. So, whenever PIM is enabled, it is suggested to use full aggregation without partitioning.

The Microsoft Entra ID connector supports partitioning aggregation based on search filters. To use the partitioning feature complete the following:

Enable Partitioning on the aggregation task definition page by selecting the Enable Partitioning checkbox.

Add the following application configuration attribute:

The userPartitions configuration attribute is a multi-valued attribute. It’s value consists of different search filters for the attributes which are filterable like accountEnabled, city, displayName, mail, usageLocation and so on. For example:

Copy

<entry key="userPartitions">
    <value>
        <List>
             <String>startswith(displayName,'J')</String>
             <String>startswith(givenName,'Smith')</String>
             <String>accountEnabled eq true</String>
             <String>userPrincipalName eq 'Paul@contoso.onmicrosoft.com'</String>
        </List>
    </value>
</entry>

For large environments, for faster delta aggregation of the accounts, the connector supports partition delta aggregation.

Note
Due to PowerShell limitations, partitioning aggregation does not aggregate Exchange Online attribute details and Shared Mailbox as entitlement.

Supported Operators

Logical operators: and, or
Comparison operators: 'eq'(equal to), ge' (greater than or equal to) and 'le'(Less than or equal to)
startswith
any is supported while querying multi valued properties

For example,

proxyAddresses/any(c:c eq 'smtp:Mary@contoso.com')
proxyAddresses/any(c:startswith(c,'smtp:Mary@contoso.com'))

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Partitioning Aggregation

Supported Operators

Documentation Feedback