
Azure AD Group Management - UPN provisioning

Aashish-Handa
Regular Contributor

Hi All,

We have a use case to provision an attribute, UPN, as a part of Azure AD provisioning via Saviynt directly to the target. We have implemented the logic on the createAADgroup.gsp and the OOTB Manage AAD form looks fine.

The only issue that we see is that there does not seem to be an attribute to hold UPN on the target AAD side. Also, we tried provisioning it to the Mail attribute but get an error message that the attribute is read only.

We would like to understand if this is a feasible use case with an Azure AD OOTB connector. If yes, can we please get some assistance on how to proceed further? Please find the creategroupjson being used below:

{
  "connection": "userAuth",
  "url": "https://graph.microsoft.com/v1.0/groups",
  "httpMethod": "POST",
  "httpParams": "{\"description\": \"${roles.description}\", \"Mail\": \"abc@domain.com\", \"displayName\": \"${roles.role_name}\", \"groupTypes\": [\"${(roles.customproperty21=='Office365')?'Unified':''}\"], \"mailEnabled\": \"${roles.customproperty22 == '1' ? true : false}\", \"mailNickname\": \"${roles.customproperty2}\", \"securityEnabled\": \"${roles.customproperty23 == '1' ? true : false}\",\"owners@odata.bind\": [\"${allOwner}\"]}",
  "httpHeaders": {
    "Authorization": "${access_token}",
    "Content-Type": "application/json"
  },
  "httpContentType": "application/json"
}

This json works fine when the \"Mail\": \"abc@domain.com\" attribute is removed. Attaching the error messages below.

dec77864-88ca-4c2a-a41f-f5825c549b94.jpg

fb4e8177-0215-41d1-aea0-df385d2f44b3.jpg

Thanks

[This message has been edited by moderator to remove domain info]

1 REPLY

sudeshjaiswal
Saviynt Employee

Hello @Aashish-Handa,

Currently, implementing this functionality is not feasible due to the lack of support in the target system. Though, you could explore the option of using extension attributes as an alternative approach.

Thanks

If you find the above response useful, kindly mark it as "Accept As Solution".
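
A pre-flight check for the failure discussed in this thread, as an added example that is not part of either post and not Saviynt's code: it parses the rendered httpParams body and drops properties that Microsoft Graph documents as read-only on a group (such as mail) before the POST is sent. The function name check_group_payload, the READ_ONLY subset, and all sample values are assumptions made for this example.

```python
import json

# Subset of group properties Microsoft Graph documents as read-only (assumed, not exhaustive).
READ_ONLY = {"id", "mail", "createddatetime", "proxyaddresses"}
# Properties Graph documents as required when creating a group.
REQUIRED = ("displayName", "mailEnabled", "mailNickname", "securityEnabled")
BOOLEAN = {"mailenabled", "securityenabled"}


def check_group_payload(rendered):
    """Split a rendered httpParams string into a sendable body and findings."""
    body = json.loads(rendered)
    clean, findings = {}, []
    for key, value in body.items():
        # The thread's template used "Mail", so names are compared case-insensitively.
        name = key.split("@")[0].lower()  # "owners@odata.bind" -> "owners"
        if name in READ_ONLY:
            findings.append(("error", key, "read-only on the target, dropped"))
            continue
        if name in BOOLEAN and not isinstance(value, bool):
            findings.append(("warn", key, "documented as Boolean, got %s" % type(value).__name__))
        clean[key] = value
    present = {k.lower() for k in clean}
    for req in REQUIRED:
        if req.lower() not in present:
            findings.append(("error", req, "required property missing"))
    return clean, findings


# Constructed sample: the thread's template after variable substitution (values invented).
SAMPLE = json.dumps({
    "description": "Finance approvers",
    "Mail": "abc@domain.com",
    "displayName": "FIN-Approvers",
    "groupTypes": ["Unified"],
    "mailEnabled": "true",
    "mailNickname": "fin-approvers",
    "securityEnabled": "false",
    "owners@odata.bind": ["https://graph.microsoft.com/v1.0/users/00000000-0000-0000-0000-000000000000"],
})

if __name__ == "__main__":
    clean, findings = check_group_payload(SAMPLE)
    for level, key, msg in findings:
        print(f"{level:5} {key}: {msg}")
    print(json.dumps(clean, indent=2))
```

Running the check in a test step before the connector JSON is deployed surfaces the read-only attribute without a round trip to the tenant.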