02/03/2023 05:27 AM
I'm trying to import Azure AD groups with their respective owners into Saviynt.
I have Azure AD Connector set up. Connector imports accounts normally. Groups are also imported as entitlements with this ENTITLEMENT_ATTRIBUTE:
"entitlementAttribute": {
  "AADGroup": {
    "colsToPropsMap": {
      "entitlementID": "id~#~char",
      "entitlement_value": "displayName~#~char",
      "displayName": "description~#~char",
      "customproperty1": "deletionTimestamp~#~char",
      "customproperty2": "description~#~char",
      "customproperty5": "dirSyncEnabled~#~char",
      "customproperty6": "lastDirSyncTime~#~char",
      "customproperty7": "mail~#~char",
      "customproperty8": "mailEnabled~#~char",
      "customproperty9": "onPremisesSecurityIdentifier~#~char",
      "customproperty10": "securityEnabled~#~char",
      "customproperty11": "groupTypes~#~listAsString",
      "customproperty12": "membershipRule~#~char",
      "customproperty13": "membershipRuleProcessingState~#~char",
      "customproperty16": "resourceProvisioningOptions~#~char"
    }
  },
  "AADGroupOwners": {
    "colsToPropsMap": {
      "entitlementID": "id~#~char",
      "entitlement_value": "displayName~#~char",
      "customproperty14": "ownerIdList~#~char"
    }
  }
}
But these settings do not populate CP14 on the entitlement, nor can I set the actual owner of the entitlement.
Is there anything that I'm missing here? How do I set the actual owner for the entitlement during import, not just populate CP14 with its ID?
Thanks
02/03/2023 12:15 PM - edited 02/03/2023 12:16 PM
{
  "entitlementAttribute": {
    "AADGroup": {
      "colsToPropsMap": {
        "entitlementID": "id~#~char",
        "entitlement_value": "displayName~#~char",
        "customproperty1": "deletionTimestamp~#~char",
        "customproperty2": "description~#~char",
        "customproperty5": "membershipRule~#~char",
        "customproperty7": "mail~#~char",
        "customproperty8": "mailEnabled~#~char",
        "customproperty9": "onPremisesSecurityIdentifier~#~char",
        "customproperty10": "securityEnabled~#~char",
        "customproperty11": "groupTypes~#~listAsString",
        "customproperty12": "dirSyncEnabled~#~char",
        "customproperty13": "membershipRuleProcessingState~#~char",
        "customproperty16": "resourceProvisioningOptions~#~char",
        "customproperty30": "visibility~#~char"
      }
    },
    "AADGroupOwners": {
      "colsToPropsMap": {
        "entitlementID": "id~#~char",
        "entitlement_value": "displayName~#~char"
      }
    }
  }
}
02/05/2023 04:50 PM
Use this to import owner information:
"AADGroupOwners": {
  "colsToPropsMap": {
    "entitlementID": "id~#~char",
    "entitlement_value": "displayName~#~char",
    "customproperty14": "ownerIdList~#~char",
    "customproperty15": "ownerTypeList~#~char"
  }
}
02/05/2023 05:23 PM
This will pull owners to child endpoints? (endpoint created from endpoint filter)
02/06/2023 01:57 AM - edited 02/06/2023 02:01 AM
Hi,
Unfortunately this does not work, unless there is something else that needs to be specified somewhere else.
And from what I understand, this will import IDs and types into custom properties on the form, but it will not assign the actual owner for the entitlement, right?
If I update the Azure AD group description in Azure AD, the entitlement in Saviynt gets updated, so connection and synchronization work, but the owner of the Azure AD group is not assigned as entitlement owner.
02/06/2023 02:08 AM
This was an issue for us; after adding a patch it's resolved. Raise an FD ticket to get it resolved.
02/14/2023 12:14 PM
So, it seems that the above-mentioned solution does work, but ONLY if a user that is defined as group owner in Azure AD has an email populated. Once I populated email addresses on the users, they got imported as entitlement owners.
02/14/2023 12:53 PM
It should be UPN
02/14/2023 12:57 PM
Yes, that's what I was expecting also. Those users in Azure AD who were put as owners of the group had their UPNs, since it is the primary identifier in Azure AD, but didn't have email populated. Once I populated their email, they showed up as owners in Saviynt.
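
Added example, not part of the thread and not Saviynt's own code: a pre-import check built on the two things the posters report, that the AADGroupOwners mapping needs ownerIdList and ownerTypeList, and that owners only appeared once their email was populated. The sample config and owner records are constructed; the owner records assume the shape of Microsoft Graph `GET /groups/{id}/owners` results, and the function names are hypothetical.

```python
import json

# Owner attributes that the working mapping posted in the thread pulls in.
REQUIRED_OWNER_ATTRS = {"ownerIdList", "ownerTypeList"}

def missing_owner_mappings(entitlement_attribute_json):
    """Return owner attributes absent from AADGroupOwners.colsToPropsMap."""
    cfg = json.loads(entitlement_attribute_json)
    cols = (cfg["entitlementAttribute"]
            .get("AADGroupOwners", {}).get("colsToPropsMap", {}))
    # Values look like "ownerIdList~#~char": source attribute, then "~#~", then type.
    mapped = {value.split("~#~", 1)[0] for value in cols.values()}
    return sorted(REQUIRED_OWNER_ATTRS - mapped)

def owners_without_mail(owners_by_group):
    """Return (group, UPN) pairs for user owners whose mail is empty."""
    flagged = []
    for group, owners in owners_by_group.items():
        for owner in owners:
            if owner.get("@odata.type") != "#microsoft.graph.user":
                continue  # non-user owners (e.g. service principals) are skipped
            if not (owner.get("mail") or "").strip():
                flagged.append((group, owner.get("userPrincipalName")))
    return flagged

# Constructed sample: an owners mapping with no owner attributes, as in the 02/03 reply.
SAMPLE_CONFIG = """{"entitlementAttribute": {"AADGroupOwners": {"colsToPropsMap": {
  "entitlementID": "id~#~char", "entitlement_value": "displayName~#~char"}}}}"""

# Constructed sample owners; group names and addresses are placeholders.
SAMPLE_OWNERS = {
    "grp-finance": [
        {"@odata.type": "#microsoft.graph.user",
         "userPrincipalName": "alice@example.com", "mail": "alice@example.com"},
        {"@odata.type": "#microsoft.graph.user",
         "userPrincipalName": "bob@example.com", "mail": None},
    ],
    "grp-automation": [
        {"@odata.type": "#microsoft.graph.servicePrincipal",
         "appId": "00000000-0000-0000-0000-000000000000"},
    ],
}

if __name__ == "__main__":
    print("Owner attributes not mapped:", missing_owner_mappings(SAMPLE_CONFIG))
    for group, upn in owners_without_mail(SAMPLE_OWNERS):
        print(f"{group}: owner {upn} has no mail populated")
```
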