Azure Connector

shibinvpkvr
Regular Contributor II

Team,

We have gone through the Saviynt - Azure integration guide and noted that many entitlements can only be imported but cannot be provisioned.

https://docs.saviyntcloud.com/bundle/Azure-v23x/page/Content/Supported-Features.htm 

During an initial discussion with the customer about the connector capabilities, the following questions came up.

1. Can the connector bring in "Azure Management Groups"? It is not mentioned in the documentation.

2. Can the connector be extended to provision more types of access? Currently it says only 4 types are supported for provisioning.

3. Why is AADGroup showing under Azure as well? (We have already integrated AzureAD, and AADGroup is already imported as part of that.)

sudeshjaiswal
Saviynt Employee

Hello @shibinvpkvr,

1. Can the connector bring in "Azure Management Groups"? It is not mentioned in the documentation. - No, it's not supported right now.
2. Can the connector be extended to provision more types of access? Currently it says only 4 types are supported for provisioning. - Yes. It can be extended, as it uses the REST connector for provisioning use cases.
3. Why is AADGroup showing under Azure as well? (We have already integrated AzureAD, and AADGroup is already imported as part of that.) - AADGroups are not imported as part of the Azure Connector but get copied from the mapped Azure AD endpoint.

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

chrismeisner
New Contributor

For #1: Access is granted to Azure resources at management group, subscription, resource group, and in the resources directly. Why would management groups be omitted? This is a huge gap. Can the connector be extended to include management groups?

sudeshjaiswal
Saviynt Employee

Hello @chrismeisner,

Please create an enhancement with your requirement in Saviynt's Ideas portal.

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

shibinvpkvr
Regular Contributor II

@sudeshjaiswal We are in the process of setting up the connector (Azure connector) for our Azure tenant.

However, the connector requires the parameter below.

SUBSCRIPTION ID

Represents a unique identifier of Azure subscription which grants you access to Azure services and to the Azure Resource Management Portal.

Our production tenant has 90+ subscriptions under 10+ management groups. Wondering how we can provide subscription id in this case in the connector. Can we pass it comma separated? 

Thanks

Shibin

shibinvpkvr
Regular Contributor II

@sudeshjaiswal @timchengappa any inputs from your side for the above question?

sudeshjaiswal
Saviynt Employee

Hello @shibinvpkvr,

For each subscription, a separate connection needs to be created.
You can raise an enhancement to support multiple subscriptions in a single connection.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".

shibinvpkvr
Regular Contributor II

Do you mean to say that if I have 90 subscriptions in the tenant, then 90 connections and that many endpoints?! I was wondering then why subscription is configured as an entitlement type as well under the endpoint.

SUMAIYA_BABU
Regular Contributor

Can we customize the attribute mappings for the Azure accounts anywhere?

You can do it in Azure AD Connector -> ACCOUNT_ATTRIBUTES


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

SUMAIYA_BABU
Regular Contributor

Azure AD is a different endpoint, which has no issues. If I add attributes in Azure AD connector, the mappings are specific to Azure AD accounts. Azure accounts have a default mapping, out of which we don't see employeeid to correlate with users.

We are able to map the account's emp id to the user's emp id:

{
  "acctLabels": {
    "customproperty1": "First Name",
    "customproperty2": "Last Name",
    "customproperty3": "Office Phone",
    "customproperty10": "Account Status",
    "customproperty11": "Employee ID",
    "customproperty12": "Job Title",
    "customproperty13": "User Type",
    "customproperty14": "Directory Synced",
    "customproperty16": "City",
    "customproperty30": "Visibility"
  },
  "colsToPropsMap": {
    "accountID": "id~#~char",
    "name": "userPrincipalName~#~char",
    "displayname": "displayName~#~char",
    "customproperty1": "givenName~#~char",
    "customproperty2": "surname~#~char",
    "customproperty3": "businessPhones~#~char",
    "customproperty10": "accountEnabled~#~bool",
    "customproperty11": "employeeId~#~char",
    "customproperty12": "jobTitle~#~char",
    "customproperty13": "userType~#~char",
    "customproperty14": "onPremisesSyncEnabled~#~bool",
    "customproperty16": "city~#~char",
    "customproperty30": "visibility~#~char"
  }
}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
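
As an added illustration (not Saviynt's code and not part of the original posts), the sketch below applies a subset of the `colsToPropsMap` posted above to constructed user records and lists the accounts that would arrive without an Employee ID to correlate on. It assumes each `~#~` value reads as source attribute followed by type, which is inferred from the posted JSON; `parse_spec`, `map_account` and `uncorrelated` are hypothetical helper names.

```python
import json

# Subset of the colsToPropsMap posted above (account column -> "sourceAttr~#~type").
COLS_TO_PROPS = json.loads("""{
  "accountID": "id~#~char",
  "name": "userPrincipalName~#~char",
  "customproperty3": "businessPhones~#~char",
  "customproperty10": "accountEnabled~#~bool",
  "customproperty11": "employeeId~#~char"
}""")

def parse_spec(spec):
    """Split 'attr~#~type' into (attr, type); reject malformed entries."""
    parts = spec.split("~#~")
    if len(parts) != 2 or not all(parts) or parts[1] not in ("char", "bool"):
        raise ValueError(f"malformed mapping: {spec!r}")
    return parts[0], parts[1]

def map_account(source, mapping=COLS_TO_PROPS):
    """Apply the mapping to one source record; absent attributes become None."""
    row = {}
    for column, spec in mapping.items():
        attr, kind = parse_spec(spec)
        value = source.get(attr)
        if value is None:
            row[column] = None
        elif kind == "bool":               # accept real booleans or "true"/"false"
            row[column] = value if isinstance(value, bool) else str(value).lower() == "true"
        elif isinstance(value, list):      # multi-valued attribute, e.g. businessPhones
            row[column] = ",".join(str(v) for v in value)
        else:
            row[column] = str(value)
    return row

def uncorrelated(accounts, key="customproperty11"):
    """Names of mapped accounts with no usable correlation value (Employee ID)."""
    return [a["name"] for a in accounts if not (a.get(key) or "").strip()]

# Constructed sample records, shaped like directory user objects.
SAMPLE = [
    {"id": "0001", "userPrincipalName": "alice@example.com", "employeeId": "E1001",
     "accountEnabled": True, "businessPhones": ["+1 555 0100", "+1 555 0101"]},
    {"id": "0002", "userPrincipalName": "svc-backup@example.com", "businessPhones": []},
    {"id": "0003", "userPrincipalName": "bob@example.com", "employeeId": " ",
     "accountEnabled": "false"},
]

if __name__ == "__main__":
    print("no Employee ID:", uncorrelated([map_account(r) for r in SAMPLE]))
```

Accounts returned by `uncorrelated` are the ones that would need review as unowned or service accounts before access is certified.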

SUMAIYA_BABU
Regular Contributor

Hi Team,

We have also noticed that even for the supported entitlement type, the privileges (roles) are not added properly during reconciliation. The roles are not properly mapped to the entitlement types of users during reconciliation.

Can you elaborate with examples?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

SUMAIYA_BABU
Regular Contributor

@rushikeshvartak In Azure, the user gets a subscription S1 from a role r1 and the user has another role r2 as well. But in Saviynt, after recon, the entitlement hierarchy shows r2 under subscription S1. It should be r1 ideally.

Role is AppRole Entitlement Type or Saviynt Role Object


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak Azure role/privilege assigned to any account which will be reconciled as an entitlement into Saviynt

riteshkumar
Saviynt Employee

@SUMAIYA_BABU Can you please share a screenshot of the example from Saviynt and Azure (along with the permission type in Azure)?