Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Admin Unit scoping of entitlements in Azure AD

DanJ
New Contributor III
New Contributor III

‎08/14/2023 07:00 AM

Hi all

Our Azure AD Directory Roles are scoped by admin unit, so for example someone can be in role User Administrator, but only have this access in the Sales Administrative Unit. The AzureAD connector doesn't understand AUs, so we aren't able to assign access or do attestation against these entitlements, as simply assigning the User Administrator entitlement will assign this across the whole tenant.

Has anyone else dealt with this problem? Could we add Administrative Units as an entitlement type and somehow use that to manage this?

Labels:
0 Kudos
3 REPLIES 3

Darshanjain
Saviynt Employee
Saviynt Employee

‎08/18/2023 05:26 AM

Hi @DanJ 

have you checked in postman to see how the Api response are coming when we are calling these entitlement values, it looks like a granular level entitlement where Azure Api's has to be supported then only we can internally check to see if its possible or not

 

Thanks

Darshan

0 Kudos

DanJ
New Contributor III
New Contributor III
In response to Darshanjain

‎08/21/2023 02:05 AM

@Darshanjain I will take a look at the API to see what is going on

0 Kudos

Darshanjain
Saviynt Employee
Saviynt Employee
In response to DanJ

‎08/21/2023 05:13 AM

Hi @DanJ 

i did found out something on the Api's to pull Admin units. here is the below link

https://learn.microsoft.com/en-us/graph/api/resources/administrativeunit?view=graph-rest-1.0

 

Also this is not supported in Azure Ad OOTB, But you can use Rest connector to pull Admin Units in saviynt manage the access.

 

Thanks

Darshan

0 Kudos
Copyright © 2024 Khoros, LLC