Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.


New Contributor III
New Contributor III

Hi Team,

We are planning to use ENTITLEMENT_FILTER_JSON in Azure AD OOTB Connector to bring only specific set of groups.


based on above documentation, 

  • The connector deactivates AAD groups and their associated accounts and entitlements that do not satisfy the filter criteria specified in ENTITLEMENT_FILTER_JSON parameter

So, what is meant by deactivation of associated accounts in above statement ?
     Accounts will get inactivated in Saviynt (status marked as SUSPENDED FROM IMPORT SERVICE / Inactive)
 Its just account entitlement association will be removed and account will not have any changes (No Status Change)

What happens to groups which does not satisfy the filter condition, though the statement says Deactivation, want to understand what exactly happens to group?
   Entitlement Status will be change to Inactive ?

Please provide some details.


Saviynt Employee
Saviynt Employee

The accounts which are not satisfying the condition and being imported in Saviynt will be marked as Suspended from Import service.

The entitlements will be set to Inactive if conditions are not satisfied.

Also the account entitlement association will be removed 

The groups will have accounts and entitlements, will not have status. But status of Account and entitlements will be updated.


Rakesh M Goudar

New Contributor III
New Contributor III

Hi Rakesh,

Why Entitlement_Filter_JSON decides the status of Accounts ?

We have dedicated Account Import job and it also has got Account_filter, that should ideally set the status of account based on the filter condition.

Entitlement status will be set to inactive and mapping between account to entitlement will be removed 

Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.