accountPropertyFilter in transform for Azure group

Manju22 · April 8, 2024, 4:54pm

I am looking to create a transform, when the user is a member of the Azure AD group. I used the accountPropertyFilter option in the account attribute transform, and it seems not to be working.

What should be accountPropertyFilter to be used to get user’s group in Azure AD.

{
    "name": "Member of specified AD Group",
    "type": "static",
    "attributes": {
        "groupMember": {
            "attributes": {
                "ignoreErrors": "true",
                "values": [
                    {
                        "attributes": {
                            "sourceName": "Azure Active Directory",
                            "attributeName": "sAMAccountName",
                            "accountPropertyFilter": "(groups.containsAll({\"Test-Group\"}))"
                        },
                        "type": "accountAttribute"
                    },
                    "NONE"
                ]
            },
            "type": "firstValid"
        },
        "value": "#if($groupMember == \"NONE\")NOT IN GROUP#{else}IN GROUP#end"
    },
    "internal": false
}

jesvin90 · April 9, 2024, 5:52am

Hi @Manju22,

Try changing the attributeName as userPrincipalName instead of sAMAccountName

Also, try giving the AD group value instead of the displayname.

The transform would look like this

{
    "name": "Member of specified AD Group",
    "type": "static",
    "attributes": {
        "groupMember": {
            "attributes": {
                "ignoreErrors": "true",
                "values": [
                    {
                        "attributes": {
                            "sourceName": "Azure_Source",
                            "attributeName": "userPrincipalName",
                            "accountPropertyFilter": "(groups.containsAll({\"8a999e02-5861-4bce-b1a4-bda480e95765\"}))"
                        },
                        "type": "accountAttribute"
                    },
                    "NONE"
                ]
            },
            "type": "firstValid"
        },
        "value": "#if($groupMember == \"NONE\")NOT IN GROUP#{else}IN GROUP#end"
    },
    "internal": false
}

Manju22 · April 9, 2024, 12:24pm

Thanks you @jesvin90 . It works

Topic		Replies	Views
Azure AD User Filter- Need to Aggregate users from particular group ISC Discussion and Questions aggregation , identity-security-cloud	4	233	April 5, 2024
AD Azure filter conditions ISC Discussion and Questions	1	335	July 19, 2023
Azure AD Filter ISC Discussion and Questions	3	1100	July 19, 2023
Transform that is referring another AD attribute ISC Discussion and Questions transforms , apis , aggregation , identity-security-cloud , provisioning	4	135	March 18, 2024
Conditional Transform ISC Discussion and Questions identity-security-cloud	13	269	March 13, 2024

accountPropertyFilter in transform for Azure group

Related Topics