Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/11/2023 02:09 AM
Hi.
Among the Azure AD groups, only the Security group is being imported.
I understand that I can use the filter provided by the Graph API.
The mailEnabled eq false condition was checked as a condition to find the Security group.
The result was confirmed by applying the Microsoft Graph API $filter through Postman.
https://graph.microsoft.com/v1.0/groups?$filter=mailEnabled eq false
Access verification was performed as follows.
Import Config
{
"importEntTypes": {
"AADGroup": {}
},
"ENTITLEMENT_FILTER_JSON": {
"group_filter":"mailEnabled eq false"
},
"excludeEntTypes": {
"DirectoryRole": {},
"Subscription": {},
"Application": {},
"ApplicationInstance": {},
"DirectoryRoleMember": {},
"AppRole": {},
"Oauth2Permission": {},
"SKU": {},
"ServicePlans": {},
"Team": {},
"MemberPermission": {},
"GuestPermission": {},
"Channel": {}
}
}
However, as a result, all Access Imports were processed.
Q1. Is the filter I used applicable?
Q2. If applicable, where is the wrong part?
Q3. If application is not possible, is there a way to import only GroupTypes: Security?
Solved! Go to Solution.
05/15/2023 02:22 PM
The filter available at trigger level is only used for Entitlement type filtering. In case you need to filter specific entitlements, you can use ENTITLEMENT_FILTER_JSON at Connection level. If you define the filter at trigger level it will take precedence over ENTITLEMENT_FILTER_JSON at connection. Refer below example for format to be used.
{
"group_filter": "securityEnabled eq false"
}