Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Import and Provisioning of Azure Role Assignment

soumyabrata
New Contributor III
New Contributor III

Hi Team,

For Azure AD Integration able to import all the Entitlement Types as per Saviynt Documentation.

soumyabrata_0-1677271654691.png

But as per Application Team the requirement to import and assign Azure Roles. Couldn't find anything regarding Azure Roles in documentation.

Is Azure AD Connector supports Import/Provisioning of Azure Roles? Is there any steps or documentation for the same?

soumyabrata_1-1677271776464.png

Regards,

Soumya.

 

2 REPLIES 2

ejeong
Valued Contributor
Valued Contributor

Is it different from directoryRole?

You can check docs what entitlement type is supported in ootb connector. Otherwise, you need to import with rest connector

soumyabrata
New Contributor III
New Contributor III

For all user operations AzureAD  uses graph APIs which work fine.
But for Azure Roles it is not supported by graph API. It uses separate management.azure.com API.
E.g: https://management.azure.com/subscriptions/{{subscriptionId}}/providers/Microsoft.Authorization/role...()
Documentation link: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
For this we need separate Rest API again to manage Azure Roles only. 

So the question: Is it possible to use 2 Connections for a single Endpoint for Recon and Provisioning? Is there any way we can configure it? Can you check once with Azure AD Connector Team how it can be achievable..it might have done with other customers?