We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Azure AD Group Management - UPN provisioning

Regular Contributor
Regular Contributor

Hi All,

We have a use case to provision an attribute, UPN , as a part of Azure AD provisioning via Saviynt directly to the target. We have implemented the logic on the createAADgroup.gsp and the OOTB Manage AAD form looks fine.

The only issue that we see is that there does not seem to be an attribute to hold UPN on the target AAD side, also, we tried provisioning it to the Mail Attribute but are thrown with an error message that the attribute is read only.

We would like to understand if this is a feasible use case with an Azure AD OOTB connector, if yes, can we please get some assistance on how to proceed further. Please find the creategroupjson being used below:

"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/groups",
"httpMethod": "POST",
"httpParams": "{\"description\": \"${roles.description}\", \"Mail\": \"abc@domain.com\", \"displayName\": \"${roles.role_name}\", \"groupTypes\": [\"${(roles.customproperty21=='Office365')?'Unified':''}\"], \"mailEnabled\": \"${roles.customproperty22 == '1' ? true : false}\", \"mailNickname\": \"${roles.customproperty2}\", \"securityEnabled\": \"${roles.customproperty23 == '1' ? true : false}\",\"owners@odata.bind\": [\"${allOwner}\"]}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
"httpContentType": "application/json"

This json works fine when the \"Mail\": \"abc@domain.com\" attribute is removed. Attaching the error messages below.




[This message has been edited by moderator to remove domain info]


Saviynt Employee
Saviynt Employee

Hello @Aashish-Handa,

Currently, implementing this functionality is not feasible due to the lack of support in the target system. thought, you could explore the option of using extension attributes as an alternative approach.