Saviynt Forums

gwagh · ‎03/12/2024

Hi Team,

We have to import only 2 AAD groups from Azure AD based on groups displayname we tried below syntax but its importing all groups and account.

Please let us know the proper syntax for this use case.

{ "group_filter":"displayName eq 'E3 License Group' or displayName eq 'F3 License Group'"}

{"group_filter":"startswith(Entitlement value eq 'E3 License Group')"}

$filter=displayName eq 'E3 License Group' or displayName eq 'F3 License Group'

{ "group_filter":"displayName eq 'E3 License Group' or displayName eq 'F3 License Group'"}

{"group_filter": "securityEnabled eq false"}

{"group_filter":"startswith(displayname eq 'E3 License Group')&$count=true"}

Thanks,.

Gaurav

AmitM · ‎03/12/2024

Hi @gwagh ,

This works for us : {
"group_filter":"startswith(displayName,%27Maersk WMS%27)"
}

One thing you need to make sure is you are replacing spaces with %20 and ' with %27. And follow Azure docs on what operators are supported.

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

gwagh · ‎03/12/2024

So In the connection I have to pass this json or in JOB we have to map this ?

AmitM · ‎03/12/2024

HI @gwagh , in the connection like this if you are using OOTB Azure Connector

If rest, then in importJson while calling get groups API.

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

RevatiTarale · ‎03/12/2024

@AmitM, @rushikeshvartak Which import type do you run after giving this ENTITLEMENT_FILTER_ JSON in the connector?

Do I need to run a custom access import type? or only Access type will work?

rushikeshvartak · ‎03/12/2024

Once ENTITLEMENT_FILTER_ JSON is used run Full Import (Incremental is not supported)

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RevatiTarale · ‎03/12/2024

Tried this way as well. It gives me an Error in import - null message with job failure.

rushikeshvartak · ‎03/17/2024

Remove % and share logs in file

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

CR · ‎03/12/2024

@gwagh below help full

https://forums.saviynt.com/t5/identity-governance/importing-only-specific-groups-openldap/m-p/32393

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

gwagh · ‎03/12/2024

This is for OnPrem Active Directory, I want to use this in Azure AD, Thanks for your response.

Manu269 · ‎03/12/2024

@gwagh Few points to note :

Ensure that the filter conditions that you specify are supported by the Graph API.

If filter conditions are defined in this parameter and the ENTITLEMENT_FILTER_JSON element of the Application Data Import job, the filter criteria defined in the Application Data Import job trigger takes precedence

Specifying the filter conditions using the ENTITLEMENT_FILTER_JSON element of the Application Data Import job is deprecated in Release v2022.0.1.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

rushikeshvartak · ‎03/12/2024

Add below condition in Azure AD Connection used for Import in ENTITLEMENT_FILTER_JSON

{ "group_filter":"displayName eq 'E3 License Group' or displayName eq 'F3 License Group' "}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RevatiTarale · ‎03/12/2024

I tried with the same but it import all AAD groups from Azure. Doesn't filter according to the Entitlement filter JSON.

Saviynt Forums

Azure AD Entitlment Filter is not working