I am not since as far as i understood that only applies for setting up connections with other applications that use Active Directory in this specific case and my goal here is just importing the entitlements (with the filters mentioned) from Active Directory itself.
You can try memberOf Filter
Unfortunately that wouldn't solve my problem. That filter is for persons and my problem is regarding the groups. The filter i currently have for persons is needed when importing accounts, the problem is filtering the groups imported. Our situation is that we want to import accounts and the groups to which those accounts are part of, except some groups that should be filtered according to the restrictions mentioned.
Can you refer documentation for same : https://saviynt.freshdesk.com/support/solutions/articles/43000615764-active-directory-ad-connector-g...
As referenced in the documentation the endpoints_filter parameter "creates endpoints based on the list of groups specified in the JSON and associates all accounts having access to these groups to the created endpoint." I do not wish to import the groups as endpoints but rather filter the groups that are imported as entitlements when the Import Accounts job is performed with the Entitlement Attribute as memberOf.
Thanks, i have made some progress. There is still one thing i cant quite resolve. Lets say i want to import all groups except the ones starting with the following,
Is there any way to put that expression in the negative so i don't have to list all of the other groups?
@Avdupa1070 I understand the problem statement, and currently, it is not supported in our connector.
The entitlements imported as part of account import only have their entitlement_value populated and not the meta-data. We import those groups via account import as they are present in the memberOf attributes in the AD user objects.