
Entitlement_filter_json AzureAD OOTB Connector

NM
Esteemed Contributor

Hi,

We would like to import two groups based on id using entitlement_filter_json present in AzureAD OOTB connector.

Tried using id eq 'abc', but it gives an error message, Invalid entitlement_filter_json.

Tried to mention the same in custom access, which imported all the entitlement types, even though we wanted only 2 groups and for them to fall under the AAD group entitlement type.

Has anyone tried to import using id (object id) as a filter? Do we have to mention the entitlement type that we have to import under custom access even though we are using an id filter?



rushikeshvartak
All-Star

Try the below at the connection level:

ENTITLEMENT_FILTER_JSON

{ "group_filter":"startswith('Azure-Security-PIM-',displayName ) or displayName eq 'azure-group-rushi' "}


Regards,
Rushikesh Vartak

NM
Esteemed Contributor

After adding this filter, do I still need to define custom access in the job, or will it automatically import it into the AAD group entitlement type?

Note - We only want to import 2 groups, and that too under the AAD group entitlement type.



No custom access json needs to be updated


Regards,
Rushikesh Vartak

Hi Rushikesh,

I've tried to use this filter on my entitlement filter 

{ "group_filter":"startswith('AWS',displayName)"

But the filter doesn't work at all; I still import all the AAD groups to my endpoint.

NM
Esteemed Contributor

Hi @alvian, close the bracket at the end:

{ "group_filter":"startswith('AWS',displayName)"}



alvian
Regular Contributor

Yes, I've added that

NM
Esteemed Contributor

Hi @alvian, just add this: { "group_filter":"startswith('AWS',displayName)"}

Remove entitlement_filter_json, as it is the JSON name.

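A pre-flight check for the two mistakes raised in the replies above (a missing closing brace, and the parameter name pasted in with the value), as an added example that is not part of the original thread or Saviynt's own code. The function name and the checks are assumptions; it tests syntax only and does not reproduce the connector's own validation.

```python
import json

PARAM_NAME = "ENTITLEMENT_FILTER_JSON"  # connection parameter name, as in the thread
FILTER_KEY = "group_filter"             # key used in the thread's examples


def check_filter_value(raw):
    """Return a list of problems in the text pasted into the parameter's value box."""
    problems = []
    text = raw.strip()
    # Mistake 1: the parameter name was pasted in front of the JSON value.
    if text.upper().startswith(PARAM_NAME):
        problems.append("remove the parameter name; the value is only the JSON object")
        text = text[len(PARAM_NAME):].lstrip(" :=\t\r\n")
    # Mistake 2: malformed JSON, e.g. the closing brace is missing.
    try:
        obj = json.loads(text)
    except json.JSONDecodeError as exc:
        hint = " (unbalanced braces)" if text.count("{") != text.count("}") else ""
        problems.append(f"not valid JSON{hint}: {exc.msg} at char {exc.pos}")
        return problems
    if not isinstance(obj, dict) or not isinstance(obj.get(FILTER_KEY), str):
        problems.append(f'expected an object with a string "{FILTER_KEY}" key')
        return problems
    # Cheap sanity checks on the filter expression itself.
    expr = obj[FILTER_KEY]
    if expr.count("'") % 2:
        problems.append("unbalanced single quotes in the filter expression")
    if expr.count("(") != expr.count(")"):
        problems.append("unbalanced parentheses in the filter expression")
    return problems


# First two values are from the posts above; the third is constructed.
SAMPLES = [
    '{ "group_filter":"startswith(\'AWS\',displayName)"}',
    '{ "group_filter":"startswith(\'AWS\',displayName)"',
    'ENTITLEMENT_FILTER_JSON { "group_filter":"startswith(\'AWS\',displayName)"}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_filter_value(sample) or "OK")
```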

Make sure you are using Full import and not incremental import

Please share job configs


Regards,
Rushikesh Vartak

I'm not trying to import entitlements with a filter. If that were the case, I've already done it by referring to this thread: https://forums.saviynt.com/t5/identity-governance/entitlement-filter-json-azuread-ootb-connector/m-p...

The idea is to create a REST API connection to AzureAD so that I can perform custom importacctentjson. Below are the accountParams from that connection:
{
  "accountParams": {
    "connection": "userAuth",
    "processingType": "SequentialAndIterative",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://graph.microsoft.com/v1.0/groups/8a614e3b-cbb1-4835-9a67-c7b504a42a16/members",
          "httpMethod": "GET",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Accept": "*/*"
          }
        },
        "listField": "value",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "userPrincipalName~#~char",
          "name": "userPrincipalName~#~char",
          "displayName": "displayName~#~char",
          "customproperty40": "id~#~char"
        }
      }
    }
  }
}
I can't input the ID into the accountID column because if I do, the import account job will fail due to duplicates with other accounts in the azureAD endpoint. So, I've inputted the ID into CP40, and it works fine until I get confused about performing the account-entitlement mapping.

Do the APIs work in Postman?


Regards,
Rushikesh Vartak