Azure AD - import AADGroupOwner

tgloblek
New Contributor III

I'm trying to import Azure AD groups with their respective owners into Saviynt.

I have the Azure AD Connector set up. The connector imports accounts normally. Groups are also imported as entitlements with this ENTITLEMENT_ATTRIBUTE:

"entitlementAttribute": {
  "AADGroup": {
    "colsToPropsMap": {
      "entitlementID": "id~#~char",
      "entitlement_value": "displayName~#~char",
      "displayName": "description~#~char",
      "customproperty1": "deletionTimestamp~#~char",
      "customproperty2": "description~#~char",
      "customproperty5": "dirSyncEnabled~#~char",
      "customproperty6": "lastDirSyncTime~#~char",
      "customproperty7": "mail~#~char",
      "customproperty8": "mailEnabled~#~char",
      "customproperty9": "onPremisesSecurityIdentifier~#~char",
      "customproperty10": "securityEnabled~#~char",
      "customproperty11": "groupTypes~#~listAsString",
      "customproperty12": "membershipRule~#~char",
      "customproperty13": "membershipRuleProcessingState~#~char",
      "customproperty16": "resourceProvisioningOptions~#~char"
    }
  },
  "AADGroupOwners": {
    "colsToPropsMap": {
      "entitlementID": "id~#~char",
      "entitlement_value": "displayName~#~char",
      "customproperty14": "ownerIdList~#~char"
    }
  }
}

But these settings do not populate CP14 on the entitlement, nor can I set the actual owner of the entitlement.

Is there anything that I'm missing here? How do I set the actual owner for the entitlement during import, not just populate CP14 with its ID?

Thanks

8 REPLIES

rushikeshvartak
All-Star

{
  "entitlementAttribute": {
    "AADGroup": {
      "colsToPropsMap": {
        "entitlementID": "id~#~char",
        "entitlement_value": "displayName~#~char",
        "customproperty1": "deletionTimestamp~#~char",
        "customproperty2": "description~#~char",
        "customproperty5": "membershipRule~#~char",
        "customproperty7": "mail~#~char",
        "customproperty8": "mailEnabled~#~char",
        "customproperty9": "onPremisesSecurityIdentifier~#~char",
        "customproperty10": "securityEnabled~#~char",
        "customproperty11": "groupTypes~#~listAsString",
        "customproperty12": "dirSyncEnabled~#~char",
        "customproperty13": "membershipRuleProcessingState~#~char",
        "customproperty16": "resourceProvisioningOptions~#~char",
        "customproperty30": "visibility~#~char"
      }
    },
    "AADGroupOwners": {
      "colsToPropsMap": {
        "entitlementID": "id~#~char",
        "entitlement_value": "displayName~#~char"
      }
    }
  }
}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

riteshkumar
Saviynt Employee

Use this to import owner information

"AADGroupOwners": {
  "colsToPropsMap": {
    "entitlementID": "id~#~char",
    "entitlement_value": "displayName~#~char",
    "customproperty14": "ownerIdList~#~char",
    "customproperty15": "ownerTypeList~#~char"
  }
}

This will pull owners to child endpoints? (endpoint created from endpoint filter)


Regards,
Rushikesh Vartak

tgloblek
New Contributor III

Hi,

Unfortunately this does not work, unless there is something else that needs to be specified somewhere else.

And from what I understand, this will import IDs and types into custom properties on the form, but it will not assign the actual owner for the entitlement, right?

If I update the Azure AD group description in Azure AD, the entitlement in Saviynt gets updated, so connection and synchronization work, but the owner of the Azure AD group is not assigned as entitlement owner.

This was an issue with us; after adding the patch it's resolved. Raise an FD ticket to get it resolved.


Regards,
Rushikesh Vartak

tgloblek
New Contributor III

So, it seems that the above-mentioned solution does work, but ONLY if a user that is defined as group owner in Azure AD has an email populated. Once I populated email addresses on the users, they got imported as entitlement owners.

It should be UPN


Regards,
Rushikesh Vartak

Yes, that's what I was expecting also. Those users in Azure AD which were put as owners of the group had their UPNs, since it is the primary identifier in Azure AD, but didn't have email populated. Once I populated their email, they showed up as owners in Saviynt.
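
Added example, not part of the thread or of Saviynt's connector code: a pre-import check that reports owner fields missing from the AADGroupOwners mapping and lists group owners that, going by the behaviour reported above, would not show up as entitlement owners because their mail is empty. The owner records are constructed samples shaped like Microsoft Graph group-owner output; the function names and the separate listing of non-user owners are assumptions made for illustration.

```python
import json

# Constructed sample: the AADGroupOwners mapping from the original question.
CONFIG = json.loads("""
{"entitlementAttribute": {"AADGroupOwners": {"colsToPropsMap": {
  "entitlementID": "id~#~char",
  "entitlement_value": "displayName~#~char",
  "customproperty14": "ownerIdList~#~char"}}}}
""")

# Constructed sample shaped like Microsoft Graph GET /groups/{id}/owners output.
OWNERS_BY_GROUP = {
    "Finance-Approvers": [
        {"@odata.type": "#microsoft.graph.user", "id": "u-001",
         "userPrincipalName": "alice@example.com", "mail": "alice@example.com"},
        {"@odata.type": "#microsoft.graph.user", "id": "u-002",
         "userPrincipalName": "bob@example.com", "mail": None},
    ],
    "CI-Deployers": [
        {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp-001",
         "displayName": "build-agent"},
    ],
}

OWNER_FIELDS = {"ownerIdList", "ownerTypeList"}  # source fields named in the thread

def missing_owner_mappings(config):
    """Owner source fields not mapped under AADGroupOwners.colsToPropsMap."""
    cols = (config.get("entitlementAttribute", {})
                  .get("AADGroupOwners", {})
                  .get("colsToPropsMap", {}))
    mapped = {value.split("~#~", 1)[0] for value in cols.values()}
    return sorted(OWNER_FIELDS - mapped)

def owner_gaps(owners_by_group):
    """Per group: user owners with no mail, and owners that are not users."""
    report = {}
    for group, owners in owners_by_group.items():
        no_mail, non_user = [], []
        for o in owners:
            if o.get("@odata.type") != "#microsoft.graph.user":
                non_user.append(o["id"])  # assumption: listed for manual review
            elif not (o.get("mail") or "").strip():
                no_mail.append(o.get("userPrincipalName", o["id"]))
        if no_mail or non_user:
            report[group] = {"no_mail": no_mail, "non_user": non_user}
    return report

if __name__ == "__main__":
    print("unmapped owner fields:", missing_owner_mappings(CONFIG))
    print(json.dumps(owner_gaps(OWNERS_BY_GROUP), indent=2))
```

Groups that appear in the report are the ones to check before relying on owner-based access reviews of the imported entitlements.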