09/28/2023 02:17 PM
The eligible assigned Azure AD roles are not showing up, so only roles that have been permanently activated or activated through PIM during the time of the AzureAD recon job are showing up. Is there a way to show eligible assignments of Azure AD roles in the Saviynt account?
10/03/2023 07:43 AM
Are these entitlements also assigned to the user, or are these like the recommended entitlements that should be assigned to the user?
10/03/2023 07:58 AM
They are entitlements that are assigned to the user. I have attached a screenshot that shows the eligible assignments in AzureAD that should be showing up after a recon scan into AzureAD. However, the only entitlement that is showing up in Saviynt is anything that is in the active assignments when the scan runs. I have attached a screenshot of the active assignments as well. And the last screenshot is from this user's Azure account in Saviynt, which only shows the Global Reader Directory Role when it should be showing all eligible assigned roles and active roles.
10/03/2023 10:41 AM
Do you see these entitlements in Saviynt under the endpoint, and are there any accounts associated to these entitlements?
10/03/2023 01:18 PM
Yes, the entitlements are available under the endpoint in Saviynt; however, the only accounts associated to those entitlements are the ones that are activated, not the ones that are activated and available. We even have it set up where you can request the Directory Roles in ARS, and that works; however, as soon as a job runs that checks Azure to see which roles are attributed to the accounts, only activated roles in Azure PIM show up.
10/10/2023 02:38 PM
Can you run the group API (for members info) in Postman and confirm if those records are visible as part of the result data? I believe only the activated entitlements will be visible, but can you run it once and check?