and more in a single search tool across platforms. Read the announcement here. |
05/09/2022 12:01 PM
When trying to Create an Azure AD Group, the screen does not match the documentation. What settings need to be in place to show the Azure AD specific Create Group screen?
I'm expecting this (from the documentation (https://saviynt.freshdesk.com/support/solutions/articles/43000582534-managing-azure-ad-groups#Managi...😞
But instead, only see this (the generic role creation screen)
I have set an approval workflow on the AADGroup Entitlement Type screen.
This is in v2020.
05/09/2022 10:42 PM
Hi,
Please navigate to ARS->Create AAD Group
You will be able to see the desired screen.
Thanks
Nikita
05/10/2022 04:37 AM
Hi @Nikitaj, this is the root of the problem... When I click Create AAD Group, I don't get the Create AAD Group Screen, I get the generic Create Role screen (see screenshots in the original post). The system is not recognizing that I'm trying to create an AAD Group.
05/10/2022 04:46 AM - edited 05/10/2022 04:48 AM
Hi,
Could you please add this to your SAV Role, it would be missing from there.
Please navigate to Admin->SAV Roles->choose the SAV Role-> Create Request Home Option->Select Group To Create and add AAD Group.
Thanks
Nikita
05/10/2022 04:47 AM - edited 05/10/2022 04:49 AM
05/10/2022 04:49 AM
Yep, I saw this in another post and I already have that in place but still no luck.
05/10/2022 10:47 PM
Hi,
In that case please check the JSON where you have defined the Azure AD Group, something is missing there .
Thanks
Nikita
05/13/2022 06:23 AM
Would the reconciliation settings affect how the Create AAD Group screen is showing? I don't see any errors in the JSON, please see below. Am I missing anything? This is from the documentation.
{
"entitlementAttribute": {
"AADGroup": {
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"customproperty1": "deletionTimestamp~#~char",
"customproperty2": "description~#~char",
"customproperty5": "dirSyncEnabled~#~char",
"customproperty7": "mail~#~char",
"customproperty8": "mailEnabled~#~char",
"customproperty9": "onPremisesSecurityIdentifier~#~char",
"customproperty10": "securityEnabled~#~char",
"customproperty11": "groupTypes~#~listAsString",
"customproperty12": "membershipRule~#~char",
"customproperty13": "membershipRuleProcessingState~#~char",
"customproperty16": "resourceProvisioningOptions~#~char"
}
}
}
}
05/13/2022 06:56 AM
Something does not look right here. When the pre-requisites are not set for the Group Management, on clicking the tile, it basically loads the same page again.Here you are getting a different page altogether. This might require looking into the logs and troubleshooting further. I'd think a support tiket would be apt for this issue.
Regards,
Avinash Chhetri
05/17/2022 12:46 PM
Still waiting on Saviynt operations to respond to the ticket but in the meantime, the reconciliation is also not working. It seems the AzureAD Connector completely ignores the entitlement mapping. The recon is failing because the data in custompropert14 is too long (it is being truncated). I'm not even mapping customproperty 14 (see my JSON above)!
Any ideas? This has turned into a major blocker.
05/18/2022 05:56 AM
Hello,
AzureAD connector is an OOTB connector and if its OOTB mappings are facing truncation issue, please raise the severity of the freshdesk ticket and work with Support on getting a fix from engineering for the issue.
05/18/2022 06:55 AM
Any tips @sahajranajee to prompt a response on the ticket? It's been open for a week and has not been touched. The CSM for this client is pushing as well but we never get any movement.
07/11/2022 01:25 PM
Was this issue ever resolved? I am facing the same issue, except I can't seem to add Azure AAD Groups to my Manage Roles : Create Roles permissions:
07/11/2022 03:56 PM
Have you added a workflow to the entitlementType you are trying to manage ?
If not, Please follow the steps below and give it a try.
Go to Security System > Endpoints > Entitlement Type
Click on the icon for Entitlement Type
On the details page, add a workflow as shown
This should populate the entitlement type you are trying to manage in the SAV Role
(Note: The screenshots shared above are for AD but you can follow the same for your AAD Groups as well)
Could you share the ticket number so that we can take a look ?
The Saviynt Support is a different Team altogether but would like to take a look at what's going on.
07/13/2022 07:40 AM - edited 07/13/2022 08:01 AM
[Edited: I did get the role to in the SAV Roles settings, but issue below remains]
The documentation (link here) states:
Log in to EIC.
Go to ARS > Create New Role.
Click the Ellipsis icon … to view the available options.
Select Create Azure AD Group and click Create.
However, that description does not match the UI as it appears on my screen - There is no Ellipsis icon, and no Create Azure AD Group option under actions. For reference, we are on the latest cloud version.
07/13/2022 08:34 AM - edited 07/13/2022 08:34 AM
If you are on the latest version, you should be able to see a separate tile for Creating and Managing AzureAD Groups as shown below.
07/13/2022 08:46 AM
I seem to be missing a number of options on the Home screen tiles:
I am in the Role_Admin SAV role.
07/13/2022 09:28 AM
Could you share the Saviynt version that you are on ?
Here's the url that will give you the version page if youre on the latest (v2021) release.
https://<applicaton-url>/ECMv6/versionpage
Also please share the screenshot of the "Create Request Home Option" for the Admin SAV Role
07/13/2022 09:37 AM
Version Info:
Create Request Home Option:
07/13/2022 10:40 AM
I'm assuming you are using the OOB Admin Role and also have the access to Create and Modify Roles under Feature Access.
07/13/2022 10:45 AM
That is correct - the out-of-the-box Role_Admin SAV role, with permissions to create and modify roles:
07/11/2022 02:30 PM
Haha... yes and no. It's a bug in v2020 that does not have a timeline for a fix. Saviynt's response was upgrade to v2021. We did that, and it's broken there too. It's still being worked on, has been escalated several times. We're currently with the product team.
07/12/2022 05:41 AM
@avinashchhetri #1422119