Hi
I have tried configuring Azure AD as an Identity provider for Identity Awareness Access rules.
The Identity Provider object Azure is looking good.
The Azure AD object gives a green "connected" label when clicking "test connection".
All looking good. Until...
When I try to create a new access role and browse Azure AD for users, SmartConsole throws an error saying "Failed to fetch objects from the Data Center. Please try again soon. If the issue persists, contact Check Point Support".
If I go to the drop-down menu and select our on-prem AD, it works as intended.
Now if I jump back and forth between the two a couple of times, suddenly Azure AD works, and I am able to see my groups and users in Azure AD.
I can see the errors and successes in the cpm.elg log, but googling the errors gives me nothing.
When it is able to browse Azure AD, I get this info message in the cpm.elg log:
INFO cloud.connection.GetAllCloudElementsCodeQueryHandler [xxxxxxxxxxxxxx-xxxxxxx]: finished processing.. number of results: 100, totalCount=4314
When it fails, I get this error message in the cpm.elg log:
ERROR cloud.connection.GetAllCloudElementsCodeQueryHandler [xxxxxxxxxxxxxxxx-xxxxxxxx]: failed to execute command. error= at com.checkpoint.management.cloud.connection.GetAllCloudElementsCodeQueryHandler.performRemoteQUery(GetAllCloudElementsCodeQueryHandler.java:48)
If the only issue were a buggy browsing experience, I wouldn't be too bothered, but none of my security policies created using Azure AD groups are working.
How would I go about troubleshooting this issue? Are there other log files that may give me some more insight?