Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error Encountered when assigning access to privileged group in Entra from Saviynt

Gaurav09
New Contributor
New Contributor

‎09/20/2024 03:40 AM

when I request access to any normal group from saviynt to Entra, there is no issue, and the access is granted. However, when I try to access to a privileged group, I encounter an error message saying.


Error message: {"auditDetails":{"AADGroup":[{"headers":null,"message":{"error":{"code":"Request_ResourceNotFound","message":"Resource '55d22167-43b6-4a6e-a765-f1bbd0ec63ca' does not exist or one of its queried reference-property objects are not present.","innerError":{"date":"2024-09-18T14:10:03","request-id":"891bb9a2-4d99-4fb4-8b48-57fc39da5a03","client-request-id":"891bb9a2-4d99-4fb4-8b48-57fc39da5a03"}}},"statusCode":404,"description":null,"status":"Failed"},

 

Help me resolve this error.

0 Kudos
6 REPLIES 6

rushikeshvartak
All-Star
All-Star

‎09/20/2024 03:45 AM

Root Cause

 

  • Group Does Not Exist: The group ID (55d22167-43b6-4a6e-a765-f1bbd0ec63ca) might not exist in Azure AD. Double-check if the group was deleted or renamed.
  • Incorrect Group ID: There might be a misconfiguration in Saviynt where the wrong group ID is being used for privileged groups.
  • Insufficient Permissions: Privileged groups might require elevated permissions that are not correctly configured for the user or service account making the request.
  • Privileged Group Management: Azure AD often has specific rules or configurations around managing privileged groups (e.g., needing Privileged Identity Management or specific admin roles to make changes).

 

 

  • Verify Group in Azure AD:

    • Check Azure AD (Entra) to ensure the group with ID 55d22167-43b6-4a6e-a765-f1bbd0ec63ca exists.
    • If it doesn’t exist, verify whether it has been renamed or deleted.

  • Check Group Permissions:

    • Ensure that the service account or user making the request in Saviynt has the necessary permissions to access privileged groups.
    • Privileged groups may require specific roles (e.g., Global Administrator or Privileged Role Administrator) to manage them.

  •  

 

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Gaurav09
New Contributor
New Contributor

‎09/20/2024 04:02 AM - edited ‎09/20/2024 04:15 AM

@rushikeshvartak 

I tried with the same group but made a change on Entra side. When I added the access to the privileged group, it didn't work. so, we removed it from privileged status and ran the access import job again to reflect the change's on Saviynt side as well and it worked fine, granting access.

What could be the issue in this case?

0 Kudos

Amit_Malik
Valued Contributor II
Valued Contributor II
In response to Gaurav09

‎09/20/2024 06:40 AM

when you say privileged group ? what do you mean ? Group managed thru PIM?

For PIM managed groups, we need to manage it via assignments

https://learn.microsoft.com/en-us/graph/api/rbacapplication-post-roleeligibilityschedulerequests?vie...

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".
0 Kudos

Gaurav09
New Contributor
New Contributor
In response to Amit_Malik

‎09/20/2024 08:33 AM

yeah. I want to give the access of PIM group from Saviynt. can u explain it more how I can do that

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Gaurav09

‎09/20/2024 07:17 AM

  • Removed it from privileged status  - this has no relation with it.
  • It seems group parameters - entitlement id / name must be updated which caused probelm and now resolved

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Gaurav09
New Contributor
New Contributor
In response to rushikeshvartak

‎09/20/2024 08:35 AM

no. It's a PIM group and I want to give the access of that group to user account.

0 Kudos
Copyright © 2024 Khoros, LLC