
Azure AD Security Group Members: Devices instead of user accounts

Paul_Meyer
Regular Contributor

A customer is managing device feature access, such as USB port access, via policies based on AAD Group membership. The AAD Group members are Device objects instead of typical user accounts. The user account and device registration/association are managed via Intune.

Is it possible in Saviynt to manage AAD Devices as AAD Group members? For example, a user can request access to an AAD Group for a period of time, and Saviynt would provision the user's device(s) as members of the associated AAD Group and deprovision them at some time in the future.

 


Belwyn
Saviynt Employee

Hi @Paul_Meyer,

Thank you for reaching out to us.

The short answer is yes, you can manage the device objects as AAD Group members, and you can also make this access a time-bound request. Alternatively, you could take a different route wherein you bring the device objects into the Saviynt platform as standalone entitlements and make them requestable.

Thanks & Regards,
Belwyn.

Belwyn
Saviynt Employee

@Paul_Meyer I did some research on this and found out that the Saviynt OOB Azure AD connector cannot support this operation of getting the Device object and managing it, as it can manage only members. Having said that, you can make use of our REST connector for this use case.
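The thread does not show the REST connector configuration, so the following is an added example (not Saviynt's code or connector JSON, and not part of either post) of the reconciliation such an integration has to perform: turning time-bound user grants into Microsoft Graph group-membership calls for the users' devices. It assumes the Graph v1.0 `members/$ref` endpoints; the function name, group id and device ids are hypothetical, constructed values.

```python
from datetime import datetime, timezone

GRAPH = "https://graph.microsoft.com/v1.0"

def plan_membership(group_id, grants, user_devices, current_members, now):
    """Plan Graph calls that reconcile a device group with time-bound user grants.

    grants: {user: expiry}; user_devices: {user: [device directory object ids]},
    e.g. collected from GET /users/{id}/registeredDevices; current_members: set
    of object ids already in the group. Returns (method, url, json_body) tuples.
    Group membership is keyed on the device's directory object id ("id"),
    not on its "deviceId" property.
    """
    # A device belongs in the group while any unexpired grant covers it, so a
    # device shared by two users survives the first user's expiry.
    desired = set()
    for user, expires in grants.items():
        if expires > now:
            desired.update(user_devices.get(user, []))
    # Only touch devices tied to a grant; members added outside this process stay.
    managed = {d for user in grants for d in user_devices.get(user, [])}
    plan = []
    for dev in sorted(desired - current_members):
        plan.append(("POST", f"{GRAPH}/groups/{group_id}/members/$ref",
                     {"@odata.id": f"{GRAPH}/directoryObjects/{dev}"}))
    for dev in sorted((current_members & managed) - desired):
        plan.append(("DELETE", f"{GRAPH}/groups/{group_id}/members/{dev}/$ref", None))
    return plan

# Constructed sample data (placeholder ids, not real tenant objects).
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
GRANTS = {"alice": datetime(2024, 1, 5, tzinfo=timezone.utc),   # expired
          "bob": datetime(2024, 2, 1, tzinfo=timezone.utc)}     # still active
USER_DEVICES = {"alice": ["dev-a", "dev-shared"], "bob": ["dev-b", "dev-shared"]}
CURRENT = {"dev-a", "dev-shared", "dev-static"}  # dev-static was added manually

if __name__ == "__main__":
    for step in plan_membership("GROUP-ID-PLACEHOLDER", GRANTS, USER_DEVICES, CURRENT, NOW):
        print(step)
```

Running the plan on a schedule handles deprovisioning at expiry; sending the requests requires a Graph token with permission to manage group members, which is outside this sketch.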