We have use cases where we have to assign around 500+ groups based on certain logic. We have written technical rules to assign these groups as birthright & remove from birthright based on it.
However, if this birthright group is directly assigned from Azure AD e.g. group and recon into Saviynt (zero-day scenario). Saviynt does not recognize this group as a birthright and does not process the technical rule to remove it during the mover scenario.
How can we label the imported groups as birthright?
Hi @necoutinho ,
Can you uncheck this setting in Global Config and see if this works?
Based on the documentation, unchecking this box would mean that if the birthright group assignment did not happen via the birthright rules, in that case as well, the revoke tasks should ideally be generated. Checking this box would mean that saviynt would check whether the group is assigned via a birthright rule and only in that case, would it trigger the revocation.
The link is present in my message earlier. If it's not working, better to raise an FD, as it's a defect as a feature is not working as expected. Another user reported the same issue for another forum question.