PARTNERS - Please join us for our upcoming webinar:
Leveraging Intelligent Recommendations for Operational Transformation.
AMS Partners click HERE | EMEA/APJ Partners click HERE
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AzureAD account recon only showing active assigned Azure AD roles.

willmcreynolds
New Contributor
New Contributor

‎09/28/2023 02:17 PM

The eligible assigned Azure AD roles are not showing up so only roles that have been permanently activated or activated through PIM during the time of the AzureAD recon job are showing up. Is there a way to show Eligible assignments of Azure AD roles in the Saviynt Account.

0 Kudos
5 REPLIES 5

SB
Saviynt Employee
Saviynt Employee

‎10/03/2023 07:43 AM

Are these entitlements also assigned to the user or are these like the recommended entitlements that should be assigned to user.


Regards,
Sahil
0 Kudos

willmcreynolds
New Contributor
New Contributor
In response to SB

‎10/03/2023 07:58 AM

They are entitlements that are assigned to the user. I have attached a screenshot that shows the eligible assignments in AzureAD that should be showing up after a recon scan into AzureAD. However the only entitlement that is showing up in Saviynt is anything that is in the active assignments when the scan runs. I have attached a screenshot of the active assignments as well. And the last screenshot is from this user azure account in Saviynt which only shows the Global Reader Directory Role when it should be showing all eligible assigned roles and active roles.

Preview file
39 KB
Preview file
28 KB
Preview file
21 KB
0 Kudos

SB
Saviynt Employee
Saviynt Employee

‎10/03/2023 10:41 AM

Do you see these entitlements is Saviynt under the End point and if there are any accounts associated to these entitlements.


Regards,
Sahil
0 Kudos

willmcreynolds
New Contributor
New Contributor
In response to SB

‎10/03/2023 01:18 PM

Yes, the entitlements are available under the endpoint in Saviynt however the only accounts associated to those entitlements are the ones that are activated not the ones that are activated and available. We even have it setup where you can request the Directory Roles in ARS and that works however as soon as a job runs that checks azure to see which roles are attributed to the accounts only activated roles in Azure PIM show up.

0 Kudos

SB
Saviynt Employee
Saviynt Employee

‎10/10/2023 02:38 PM

Can you run the group api (for members info) in postman and confirm if those records are visible as part of the result data. I believe only the activated entitlements will be visible but can you run it once and check.


Regards,
Sahil
0 Kudos
Copyright © 2024 Khoros, LLC