Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Import only certain groups using Azure AD OOTB connector

HenryMK
New Contributor III
New Contributor III

Hi.

Among the Azure AD groups, only the Security group is being imported.
I understand that I can use the filter provided by the Graph API.

MinKyuKim_1-1683795694519.png

The mailEnabled eq false condition was checked as a condition to find the Security group.
The result was confirmed by applying the Microsoft Graph API $filter through Postman.
https://graph.microsoft.com/v1.0/groups?$filter=mailEnabled eq false
MinKyuKim_0-1683795618872.png

 

Access verification was performed as follows.

MinKyuKim_2-1683795864047.png

Import Config

{
	"importEntTypes": {
		"AADGroup": {}
	},
	"ENTITLEMENT_FILTER_JSON": { 
		"group_filter":"mailEnabled eq false" 
	},
	"excludeEntTypes": {
		"DirectoryRole": {},
		"Subscription": {},
		"Application": {},
		"ApplicationInstance": {},
		"DirectoryRoleMember": {},
		"AppRole": {},
		"Oauth2Permission": {},
		"SKU": {},
		"ServicePlans": {},
		"Team": {},
		"MemberPermission": {},
		"GuestPermission": {},
		"Channel": {}
	}
}

 

However, as a result, all Access Imports were processed.

Q1. Is the filter I used applicable?

Q2. If applicable, where is the wrong part?

Q3. If application is not possible, is there a way to import only GroupTypes: Security?

 

1 REPLY 1

SB
Saviynt Employee
Saviynt Employee

The filter available at trigger level is only used for Entitlement type filtering. In case you need to filter specific entitlements, you can use ENTITLEMENT_FILTER_JSON at Connection level. If you define the filter at trigger level it will take precedence over ENTITLEMENT_FILTER_JSON at connection. Refer below example for format to be used.

{
"group_filter": "securityEnabled eq false"
}


Regards,
Sahil