Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

AzureAD account recon only showing active assigned Azure AD roles.

willmcreynolds
New Contributor
New Contributor

The eligible assigned Azure AD roles are not showing up so only roles that have been permanently activated or activated through PIM during the time of the AzureAD recon job are showing up. Is there a way to show Eligible assignments of Azure AD roles in the Saviynt Account.

5 REPLIES 5

SB
Saviynt Employee
Saviynt Employee

Are these entitlements also assigned to the user or are these like the recommended entitlements that should be assigned to user.


Regards,
Sahil

They are entitlements that are assigned to the user. I have attached a screenshot that shows the eligible assignments in AzureAD that should be showing up after a recon scan into AzureAD. However the only entitlement that is showing up in Saviynt is anything that is in the active assignments when the scan runs. I have attached a screenshot of the active assignments as well. And the last screenshot is from this user azure account in Saviynt which only shows the Global Reader Directory Role when it should be showing all eligible assigned roles and active roles.

SB
Saviynt Employee
Saviynt Employee

Do you see these entitlements is Saviynt under the End point and if there are any accounts associated to these entitlements.


Regards,
Sahil

Yes, the entitlements are available under the endpoint in Saviynt however the only accounts associated to those entitlements are the ones that are activated not the ones that are activated and available. We even have it setup where you can request the Directory Roles in ARS and that works however as soon as a job runs that checks azure to see which roles are attributed to the accounts only activated roles in Azure PIM show up.

SB
Saviynt Employee
Saviynt Employee

Can you run the group api (for members info) in postman and confirm if those records are visible as part of the result data. I believe only the activated entitlements will be visible but can you run it once and check.


Regards,
Sahil