Hi Team,
We are onboarding the Azure AD using Saviynt OOTB Azure AD connector.
We have a requirement to bring only AAD cloud-based group only and want to exclude the AAD on-premises AD groups.
In Azure AD connector we have ENTITLEMENT_FILTER_JSON parameter which is used to filter AAD group with simple graph API supported by Microsoft.
Unfortunately in our client environment, we don’t any naming convention on display name attribute for groups, so we can’t use any filter like displayname starts with az_ or something. So we need to have another attribute filter.
We tried with onpremisessyncenabled attribute which works with true condition and not with false value.
I.e $filter=onpremisessyncenabled eq True works fine
$filter=onpremisessyncenabled eq False not working
$filter=onpremisessyncenabled ne True not working.
We found some thing working with below condition.
https://graph.microsoft.com/beta/groups?$filter=onpremisessyncenabled eq null&$count=true along with “ConsistencyLevel” with value “eventual” as headers.
Do Saviynt support this kind of approach by passing headers in ENTITLEMENT_FILTER_JSON filter. Kindly provide some guidance or sample json here.
Thanks,
Balaji Balakrishnan
[This message has been edited by moderator to disable text hyperlinks]
