01/11/2023 01:01 AM
We are trying to onboard an AAD-based application to Saviynt using the Azure connector, in a similar way to how we onboard logical apps using the AD connector. For the AD-based logical apps we have to update the endpoint filter, but we don’t know how to update the JSON for an AAD enterprise app. Do you have any experience with that? Currently we use Enterprise Roles for AAD apps, but want to use AAD as a connector.
01/11/2023 03:18 AM
Hi,
From 2021.0.4 X onwards, Saviynt EIC does support ENDPOINTS_FILTER in the AAD connector itself.
You could use it the same way you use the AD Endpoint_filter.
Sample JSON:
{
  "EP-AAD-XXX-ILESX": [
    {
      "AADGROUP": [
        "O365_XXX-ILESX-QA-%"
      ]
    }
  ]
}
01/11/2023 08:58 AM
Does it mean that endpoint can be connected using Azure only with version 2021? We are using version 5.5 sp.9. In that case the only possibility for us now is to use Enterprise Roles to give access to the specific AAD app?
01/11/2023 10:02 AM
This feature is supported from v2021; hence, if required, check with your CSM whether this feature can be backported.
You can still use enterprise roles.
01/11/2023 04:31 AM
It supports enterprise roles also. Below is the JSON:
{
  "Endpoint1": [
    {
      "AADGROUP": [
        "azure-group-awstest%",
        "aws_security_ma_operational%"
      ]
    }
  ],
  "Endpoint2": [
    {
      "AADGROUP": [
        "Azure-Security-Sentinel-%"
      ]
    }
  ]
}
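Added example, not part of the thread and not Saviynt code: a pre-deployment check that validates a filter in the shape posted above and reports which endpoint each AAD group name would land on, so over-broad or overlapping patterns are caught before access is exposed. It assumes `%` is a trailing or embedded wildcard, that matching is case-sensitive and that `_` is literal; the group names in the test are constructed.

```python
import json
import re

# Filter JSON in the shape shown in the thread (values copied from the last post).
SAMPLE_FILTER = """
{"Endpoint1": [{"AADGROUP": ["azure-group-awstest%", "aws_security_ma_operational%"]}],
 "Endpoint2": [{"AADGROUP": ["Azure-Security-Sentinel-%"]}]}
"""

def like_to_regex(pattern):
    # Assumption: '%' matches any run of characters; everything else is literal.
    return re.compile(".*".join(re.escape(part) for part in pattern.split("%")))

def load_filter(text):
    """Parse and validate the filter; return {endpoint: [patterns]}."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("top level must be an object keyed by endpoint name")
    result = {}
    for endpoint, entries in data.items():
        if not isinstance(entries, list):
            raise ValueError(f"{endpoint}: expected a list of objects")
        patterns = []
        for entry in entries:
            groups = entry.get("AADGROUP") if isinstance(entry, dict) else None
            if not isinstance(groups, list) or not groups:
                raise ValueError(f"{endpoint}: missing or empty AADGROUP list")
            for pat in groups:
                # A pattern made only of wildcards would pull every group
                # in the tenant under this endpoint.
                if not isinstance(pat, str) or not pat.strip("%"):
                    raise ValueError(f"{endpoint}: pattern {pat!r} matches every group")
                patterns.append(pat)
        result[endpoint] = patterns
    return result

def map_groups(filter_map, group_names):
    """Return {group: sorted list of endpoints whose patterns match it}."""
    compiled = {ep: [like_to_regex(p) for p in pats] for ep, pats in filter_map.items()}
    return {g: sorted(ep for ep, rxs in compiled.items()
                      if any(rx.fullmatch(g) for rx in rxs))
            for g in group_names}

def overlaps(mapping):
    """Groups claimed by more than one endpoint (ambiguous entitlement ownership)."""
    return {g: eps for g, eps in mapping.items() if len(eps) > 1}
```

Feed `map_groups` an export of the tenant's real group names; any group that appears under an endpoint it should not belong to means the prefix is too loose.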