This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to import only AAD groups in Azure AD connector

rashmirudrappa
New Contributor III
New Contributor III

‎01-31-2023 06:08 AM

Hi 

We have a requirement to import only AAD groups in Saviynt Azure AD connector.

There is a sync between AD and Azure AD in our environment. Azure AD has both AD groups and AAD group. How to import only AAD groups in Azure AD connector.

Can we use ENTITLEMENT_FILTER_JSON? Any samples available?

Thank you

Rashmi

Labels:
0 Kudos
7 REPLIES 7

rashmirudrappa
New Contributor III
New Contributor III

‎01-31-2023 06:14 AM

Hi,

In Saviynt EntitlementType for both AD and AAD group is same which is "AADGroup".

How to find out which entitlement is from AD and AAD in Saviynt?

Thank you

Rashmi

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to rashmirudrappa

‎01-31-2023 11:03 AM - edited ‎01-31-2023 11:06 AM

rushikeshvartak_0-1675191962906.png

 


Regards,
Rushikesh Vartak
0 Kudos

Sivagami
All-Star
All-Star
In response to rashmirudrappa

‎01-31-2023 11:04 AM

There are certain attributes like onPremisesSecurityIdentifier which are populated only for groups synced from on-prem AD. Probably with that you can filter the groups that are native to Azure AD. Check if you are pulling the attribute from Azure AD in your ENTITLEMENT_ATTRIBUTE json mapping.

Refer this for ENTITLEMENT_FILTER_JSON samples. Refer the version as well in the doc if it's supported.

https://docs.saviyntcloud.com/bundle/Azure-AD-v2022x/page/Content/Configuring-the-Integration-for-Ac... 

 

{
"group_filter": "onPremisesSecurityIdentifier eq null"
}

 

-Siva

0 Kudos

sandeepverma
New Contributor II
New Contributor II
In response to Sivagami

‎02-01-2023 04:07 AM

Hi Sivagami,

As per your suggestion we tried with same in ENTITLEMENT_FILTER_JSON. 

sandeepverma_0-1675252651301.png

 We had "onPremisesSecurityIdentifier" in Entitlement Attribute section.

sandeepverma_1-1675252986557.png

But while importing access we are getting same number of access(#106) that is already exist in system.
Filter is not working as expected.

sandeepverma_2-1675253182801.png

Thanks

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to sandeepverma

‎02-01-2023 04:52 AM

Do you see filter applied in logs ?


Regards,
Rushikesh Vartak
0 Kudos

Sivagami
All-Star
All-Star

‎01-31-2023 06:21 AM

You can create a custom_access import trigger for Azure AD and put the import config as needed.

Sivagami_0-1675174750872.png

If you need only AADGroups to be pulled in, you can put something like below.

{
  "importEntTypes": {
    "AADGroup": {}
  },
  "excludeEntTypes": {
    "Team": {},
    "Channel": {},
    "MemberPermission": {},
    "GuestPermission": {},
    "ApplicationInstance": {},
    "InterAppOauthPermissions": {},
    "DirectoryRole": {},
    "Subscription": {},
    "Application": {},
    "DirectoryRoleMember": {},
    "SKU": {},
    "ServicePlans": {}
  }
}

Refer connector doc for more clarity - https://saviynt.freshdesk.com/support/solutions/articles/43000463699-azure-ad-connector-guide#AzureA... 

-Siva

 

Copyright © 2023 Khoros, LLC