Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Excluding AzureAD Groups of membership type is dynamic and synced from On-premise AD

sreehariv
New Contributor III
New Contributor III

‎04/11/2023 07:03 AM

Hello Team,

We have a requirement to filter the Azure AD Groups during recon (not to import in to saviynt).

 

We have added the below filters and tried but it doesn't workout

 


{
"group_filter": "NOT(groupTypes/any(i:i eq 'DynamicMembership')) OR onPremisesSyncEnabled ne 'true'"
}

 

 

Groups are not filtered. 

 

We have tried this in postman using Microsoft graph api and it says

NOT is not a supported type in filter clause.

Can you please suggest us how we can  achieve this.

 

Thanks

Sreehari

Labels:
0 Kudos
1 REPLY 1

RakeshMG
Saviynt Employee
Saviynt Employee

‎04/12/2023 12:40 AM

Please try following sample :

group_filter":"startswith(displayname,'AZ')&$count=true"

Also you can create a custom_access import trigger for Azure AD and put the import config as needed.

RakeshMG_0-1681285210221.png

 

If you need only AADGroups to be pulled in, you can put something like below.

{
"importEntTypes": {
"AADGroup": {}
},
"excludeEntTypes": {
"Team": {},
"Channel": {},
"MemberPermission": {},
"GuestPermission": {},
"ApplicationInstance": {},
"InterAppOauthPermissions": {},
"DirectoryRole": {},
"Subscription": {},
"Application": {},
"DirectoryRoleMember": {},
"SKU": {},
"ServicePlans": {}
}
}


​Regards

Rakesh M Goudar
0 Kudos
Copyright © 2024 Khoros, LLC