We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Associate Entitlements with Accounts in Azure REST

BillyMai
New Contributor III
New Contributor III

We are using a REST connector for our Azure AD tenant to apply filters to our searches. We are able to import the accounts and the entitlements independently but not able to get the entitlements associated with the accounts. 
Essentially using the same acctEntParams (under the entitlementParams and accountParams) from this forums post https://forums.saviynt.com/t5/general-discussions/azure-rest-connector-account-group-import/m-p/2897
However looking at the Logs i don't think it's making this last api call (https://graph.microsoft.com/v1.0/groups/${id}/members/microsoft.graph.user) at all.

Does anyone have a sample ImportAccountEntJSON that is working for Microsoft graph api?

7 REPLIES 7

rushikeshvartak
All-Star
All-Star

Any reason why not to use OOTB AzureAD Connector ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

BillyMai
New Contributor III
New Contributor III

We do not want to make use of the OOTB Azure connector as we need to filter out certain AAD accounts and AAD groups.

AAD Groups and Account filter is exists in OOTB connector

rushikeshvartak_0-1702093694873.png

rushikeshvartak_1-1702093709575.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

the Accounts_Filter in OOTB does not support an attribute we need to filter on. we are filtering on onPremisesSyncEnabled eq null 

BillyMai
New Contributor III
New Contributor III

it looks like it's not translating the ${id} 

Got Webservice API Response: [error:Error Illegal character in path at index 41: 

https://graph.microsoft.com/v1.0/groups/${id}/members/microsoft.graph.user?$filter=NOT%20(%20onPremi...

Rajesh-R
Saviynt Employee
Saviynt Employee

@BillyMai - The Accounts_Filter and Group Filter in OOTB does support onPremisesSyncEnabled eq null 

In face we are using the following ENTITLEMENT_FILTER_JSON:

{
"group_filter": "onPremisesSyncEnabled ne true"
}

The support for the header - ConsistencyLevel: "Eventual" is available from v23.8 onwards. This will allow you to use the "onPremisesSyncEnabled" with Advanced filter conditions.


Thanks
Rajesh Ramalingam
Saviynt India

BillyMai
New Contributor III
New Contributor III

got it thanks for sharing - we're still on v23.5 so we'll need another solution.