The eligible assigned Azure AD roles are not showing up, so only roles that have been permanently activated or activated through PIM during the time of the Azure AD recon job are showing up. Is there a way to show eligible assignments of Azure AD roles in the Saviynt account?
They are entitlements that are assigned to the user. I have attached a screenshot that shows the eligible assignments in Azure AD that should be showing up after a recon scan into Azure AD. However, the only entitlement that is showing up in Saviynt is anything that is in the active assignments when the scan runs. I have attached a screenshot of the active assignments as well. And the last screenshot is from this user's Azure account in Saviynt, which only shows the Global Reader Directory Role when it should be showing all eligible assigned roles and active roles.
Yes, the entitlements are available under the endpoint in Saviynt; however, the only accounts associated with those entitlements are the ones that are activated, not the ones that are activated and available. We even have it set up where you can request the Directory Roles in ARS, and that works; however, as soon as a job runs that checks Azure to see which roles are attributed to the accounts, only activated roles in Azure PIM show up.
Can you run the group API (for members info) in Postman and confirm if those records are visible as part of the result data? I believe only the activated entitlements will be visible, but can you run it once and check?