This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to label Azure AD groups as birthright for day zero users? Mover scenario will fail in future?

necoutinho
New Contributor II
New Contributor II

‎08/08/2023 05:08 AM

Hi Team,

We have use cases where we have to assign around 500+ groups based on certain logic. We have written technical rules to assign these groups as birthright & remove from birthright based on it.

However, if this birthright group is directly assigned from Azure AD e.g. group and recon into Saviynt (zero-day scenario). Saviynt does not recognize this group as a birthright and does not process the technical rule to remove it during the mover scenario.

How can we label the imported groups as birthright?

Labels:
0 Kudos
3 REPLIES 3

armaanzahir
Valued Contributor
Valued Contributor

‎08/08/2023 05:58 AM

Hi @necoutinho ,

 

Can you uncheck this setting in Global Config and see if this works? 

BirthrightCheck.png

 

Based on the documentation, unchecking this box would mean that if the birthright group assignment did not happen via the birthright rules, in that case as well, the revoke tasks should ideally be generated. Checking this box would mean that saviynt would check whether the group is assigned via a birthright rule and only in that case, would it trigger the revocation. 

Configuring Rules

 

Regards,
Md Armaan Zahir
0 Kudos

necoutinho
New Contributor II
New Contributor II

‎08/08/2023 07:26 AM

Thanks Armaan. I checked this setting, its unchecked for us but still its not working.

Could you please share the documentation link for reference?

0 Kudos

armaanzahir
Valued Contributor
Valued Contributor
In response to necoutinho

‎08/08/2023 08:15 AM

The link is present in my message earlier. If it's not working, better to raise an FD, as it's a defect as a feature is not working as expected. Another user reported the same issue for another forum question.

Re: For Remove Birthright Task check if Access is ... - Saviynt Forums - 44960

Configuring Rules (saviyntcloud.com)

Regards,
Md Armaan Zahir
0 Kudos
Copyright © 2023 Khoros, LLC