Jul 18, 2023 at 05:36 PM

Provision Users & Groups from Azure to IAS via IPS

Hello Community of Experts,

  • Our Goal: Provision all users from Azure that are in specific Azure groups based on the Azure group name starting with 'SAP-IAS-BTP' for example.
  • Our current config for MS Azure as Source in IPS:
      1. aad.group.filter: startswith(displayName,'SAP-IAS-BTP')
      2. aad.user.filter: mail ge ' '
      3. aad.user.filter.group.filter.combine: true

The read job itself is successful, the users and groups are exactly what we want. The problem we are running into is that it takes 8-10 hours for this to run. I do not see an option for a Delta run on the Azure AD connector.

So my questions are:

1. Based on my filters, would the expectation be that it runs for 8-10 hours over an Azure AD which is roughly 250k users?

2. Is there a Delta mode for Azure AD read? I'm new to IPS so maybe I'm missing where this is located.

3. How can I improve this performance? We are going to need to run this job daily to get adds/removes from the Azure User Groups, so ideally whatever solution we have should be able to run in less than an hour.

4. Am I going about this all wrong? Are there better ways to get ONLY the users from the subset of Azure AD groups into IAS?