
REST connector to recon AzureAD accounts and entitlements

Community_User
Saviynt Employee
Originally posted on May 28 2020 at 09:06 UTC

Hi - Seeking help with the JSON for the ImportAccountEntJSON block in the REST connector for AzureAD. I absolutely understand Saviynt has an OOTB connector to recon AzureAD accounts and entitlements. But my challenge with the OOTB AzureAD connector is that it does not support filters. And I need to use filters since we have just one AzureAD tenant with production data. Hence I am exploring the REST connector to import just the test accounts and entitlements with the help of filters. I managed to build the JSON for the ImportUser block with filters and it works just fine. But I am having a tough time constructing the JSON for the ImportAccountEntJSON block. Any help is appreciated.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Originally posted on June 2 2020 at 16:29 UTC

Hi Leslie,


Filter is supported for Azure AD accounts from the v5.5SP2 release. Since building JSONs to fetch entitlements, account_entitlements, entitlement2 mapping for all the entitlements that we support will be very complex and also we can't support the below use cases using the REST connector.


  • Fetching both owners and members of Azure AD groups and differentiating them as privileges.
  • Fetching role assignments for users, groups, service principals to service principals and oauth2permissiongrants between client and resource applications.
  • Support for incremental account and access import for group entitlement.
  • Capability to handle deleted users, group membership/ownership, deleted groups use cases.
  • Support for Lifecycle management of Azure AD Groups.
  • Fetching teams, channels, member permissions and guest permissions.

So we aren't supporting importing Azure AD using the REST Connector, as we already have a dedicated connector built for it.


Community_User
Saviynt Employee
Originally posted on June 2 2020 at 16:32 UTC

Hi Leslie,

Filter is supported for Azure AD accounts from the v5.5SP2 release. Building JSONs to fetch entitlements, account_entitlements, entitlement2 mapping for all the entitlements that we support will be very complex and also we can't support the below use cases using the REST connector.

  • Fetching both owners and members of Azure AD groups and differentiating them as privileges.
  • Fetching role assignments for users, groups, service principals to service principals and oauth2permissiongrants between client and resource applications.
  • Support for incremental account and access import for group entitlement.
  • Capability to handle deleted users, group membership/ownership, deleted groups use cases.
  • Support for Lifecycle management of Azure AD Groups.
  • Fetching teams, channels, member permissions and guest permissions.

So we aren't supporting importing Azure AD using the REST Connector, as we already have a dedicated connector built for it.


Community_User
Saviynt Employee
Originally posted on June 3 2020 at 06:33 UTC

Hi Lokesh,


I so appreciate the time taken to respond. I'm happy to know the AzureAD connector will support Filters from 5.5PS2 onwards. As you know, AzureAD does not have an OU-like structure as we see in MS AD to pull only those data that we need; it's key to have Filters in the connector to substitute the same.


Also, thanks for sharing the limitations of the REST connector with respect to AzureAD.


Regards,

Leslie


Community_User
Saviynt Employee
Originally posted on November 2 2020 at 13:03 UTC

Hello


What is the exact format we can use to apply a filter in the Azure AD connector for accounts?


Community_User
Saviynt Employee
Originally posted on March 9 2021 at 10:32 UTC

Hi,


Can someone please share the sample account entitlement import JSON for Azure AD with the syntax for filters?


Appreciate your help.


Thanks


Community_User
Saviynt Employee
Originally posted on March 9 2021 at 10:47 UTC

There is an option to apply a filter in the connection itself (Accounts filter option).

Try using the normal filter strings; it works.
