Our Azure AD Directory Roles are scoped by admin unit, so, for example, someone can be in the User Administrator role, but only have this access in the Sales Administrative Unit. The AzureAD connector doesn't understand AUs, so we aren't able to assign access or do attestation against these entitlements, as simply assigning the User Administrator entitlement will assign this across the whole tenant.
Has anyone else dealt with this problem? Could we add Administrative Units as an entitlement type and somehow use that to manage this?
I did find out something on the APIs to pull Admin Units. Here is the link below.
Also, this is not supported in Azure AD OOTB, but you can use the REST connector to pull Admin Units in Saviynt and manage the access.
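As an added example (not from either poster, and not Saviynt or Microsoft code), the sketch below shows how the `directoryScopeId` field that Microsoft Graph returns on directory role assignments separates tenant-wide grants from AU-scoped ones, so each can be imported and attested as its own entitlement. The payloads are constructed samples with made-up ids, and the `scoped_entitlements` helper and the `Role @ Scope` naming are assumptions for illustration.

```python
# Constructed sample payloads shaped like Microsoft Graph v1.0 responses from
#   GET /roleManagement/directory/roleAssignments
#   GET /roleManagement/directory/roleDefinitions
#   GET /directory/administrativeUnits
# All ids and names below are made up for this example.
ROLE_ASSIGNMENTS = {"value": [
    {"id": "ra-1", "principalId": "user-alice", "roleDefinitionId": "role-ua",
     "directoryScopeId": "/administrativeUnits/au-sales"},
    {"id": "ra-2", "principalId": "user-bob", "roleDefinitionId": "role-ua",
     "directoryScopeId": "/"},
    {"id": "ra-3", "principalId": "user-carol", "roleDefinitionId": "role-ha",
     "directoryScopeId": "/administrativeUnits/au-gone"},
]}
ROLE_DEFINITIONS = {"value": [
    {"id": "role-ua", "displayName": "User Administrator"},
    {"id": "role-ha", "displayName": "Helpdesk Administrator"},
]}
ADMIN_UNITS = {"value": [{"id": "au-sales", "displayName": "Sales"}]}

AU_PREFIX = "/administrativeUnits/"


def scoped_entitlements(assignments, role_defs, admin_units):
    """Flatten role assignments into one row per (principal, role, scope)."""
    roles = {r["id"]: r["displayName"] for r in role_defs["value"]}
    units = {u["id"]: u["displayName"] for u in admin_units["value"]}
    rows = []
    for a in assignments["value"]:
        scope = a["directoryScopeId"]
        role = roles.get(a["roleDefinitionId"], a["roleDefinitionId"])
        if scope == "/":
            # Tenant-wide grant: the only kind a scope-unaware import can represent.
            scope_type, scope_name = "tenant", "Tenant-wide"
        elif scope.startswith(AU_PREFIX):
            au_id = scope[len(AU_PREFIX):]
            scope_type = "administrativeUnit"
            # Flag assignments that point at an AU missing from the import.
            scope_name = units.get(au_id, f"UNKNOWN-AU:{au_id}")
        else:
            # Any other scope (for example a single directory object) is kept verbatim.
            scope_type, scope_name = "other", scope
        rows.append({"principal": a["principalId"], "role": role,
                     "scope_type": scope_type,
                     "entitlement": f"{role} @ {scope_name}"})
    return rows


if __name__ == "__main__":
    for row in scoped_entitlements(ROLE_ASSIGNMENTS, ROLE_DEFINITIONS, ADMIN_UNITS):
        print(row["principal"], "->", row["entitlement"])
```

Keeping the scope inside the entitlement key lets a reviewer certify `User Administrator @ Sales` separately from `User Administrator @ Tenant-wide`.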