
AzureAD or Entra ID Connection group membership not reflecting post Recon

KTaggart
New Contributor III

We have created a connection for AAD. We are able to reconcile users, and we are also able to recon groups; however, we do not see the user's AADGroup associated with the account.


rushikeshvartak
All-Star

Can you share the account attribute configuration from the import connection?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hello Rushikesh,

Here is the Account_Attributes from the connection:

{
  "acctLabels": {
    "customproperty1": "Given Name",
    "customproperty2": "Last Name"
  },
  "colsToPropsMap": {
    "accountID": "userPrincipalName~#~char",
    "displayname": "displayName~#~char",
    "customproperty1": "givenName~#~char",
    "customproperty2": "surname~#~char",
    "customproperty7": "accountEnabled~#~char",
    "name": "userPrincipalName~#~char",
    "customproperty3": "mailNickname~#~char",
    "customproperty4": "id~#~char",
    "customproperty5": "userPrincipalName~#~char",
    "customproperty6": "createdDateTime~#~char",
    "customproperty10": "accountEnabled~#~char"
  }
}

Please try the below entitlement attributes config in the connection:

{
  "entitlementAttribute": {
    "AADGroup": {
      "colsToPropsMap": {
        "entitlementID": "id~#~char",
        "entitlement_value": "displayName~#~char",
        "description": "description~#~emchar",
        "customproperty1": "deletionTimestamp~#~char",
        "customproperty3": "membershipRule~#~char",
        "customproperty5": "dirSyncEnabled~#~char",
        "customproperty6": "lastDirSyncTime~#~char",
        "customproperty7": "mail~#~char",
        "customproperty8": "mailEnabled~#~char",
        "customproperty9": "onPremisesSecurityIdentifier~#~char",
        "customproperty10": "securityEnabled~#~char",
        "customproperty11": "groupTypes~#~listAsString",
        "customproperty13": "membershipRuleProcessingState~#~char",
        "customproperty16": "resourceProvisioningOptions~#~char",
        "customproperty17": "onPremisesSyncEnabled~#~char",
        "customproperty30": "visibility~#~char"
      }
    },
    "AADGroupOwners": {
      "colsToPropsMap": {
        "entitlementID": "id~#~char",
        "entitlement_value": "displayName~#~char"
      }
    }
  }
}


Regards,
Rushikesh Vartak

KTaggart
New Contributor III

Good Morning Rushikesh,

I have updated the JSON as per your recommendation and also re-ran the recon job. The job completed; however, we still did not see the group membership ties to the users. Additionally, in the below screenshot I am seeing delete mapping instead of add.

AADGroupRecon.PNG

Logs do not have anything about job execution.

Can you share the JSON used in the job for pulling custom access?


Regards,
Rushikesh Vartak