accountPropertyFilter in transform for Azure group

Manju22 · April 8, 2024, 4:54pm

I am looking to create a transform, when the user is a member of the Azure AD group. I used the accountPropertyFilter option in the account attribute transform, and it seems not to be working.

What should be accountPropertyFilter to be used to get user’s group in Azure AD.

{
    "name": "Member of specified AD Group",
    "type": "static",
    "attributes": {
        "groupMember": {
            "attributes": {
                "ignoreErrors": "true",
                "values": [
                    {
                        "attributes": {
                            "sourceName": "Azure Active Directory",
                            "attributeName": "sAMAccountName",
                            "accountPropertyFilter": "(groups.containsAll({\"Test-Group\"}))"
                        },
                        "type": "accountAttribute"
                    },
                    "NONE"
                ]
            },
            "type": "firstValid"
        },
        "value": "#if($groupMember == \"NONE\")NOT IN GROUP#{else}IN GROUP#end"
    },
    "internal": false
}

jesvin90 · April 9, 2024, 5:52am

Hi @Manju22,

Try changing the attributeName as userPrincipalName instead of sAMAccountName

Also, try giving the AD group value instead of the displayname.

The transform would look like this

{
    "name": "Member of specified AD Group",
    "type": "static",
    "attributes": {
        "groupMember": {
            "attributes": {
                "ignoreErrors": "true",
                "values": [
                    {
                        "attributes": {
                            "sourceName": "Azure_Source",
                            "attributeName": "userPrincipalName",
                            "accountPropertyFilter": "(groups.containsAll({\"8a999e02-5861-4bce-b1a4-bda480e95765\"}))"
                        },
                        "type": "accountAttribute"
                    },
                    "NONE"
                ]
            },
            "type": "firstValid"
        },
        "value": "#if($groupMember == \"NONE\")NOT IN GROUP#{else}IN GROUP#end"
    },
    "internal": false
}

Manju22 · April 9, 2024, 12:24pm

Thanks you @jesvin90 . It works

system · June 8, 2024, 12:25pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Account Attribute Transform - Account Property Filter on display name of Azure Group ISC Discussion and Questions transforms , identity-security-cloud , entitlements	2	45	November 13, 2024
Transform to filter accounts with entitlements in an source ISC Discussion and Questions transforms , identity-security-cloud , entitlements	4	41	November 8, 2024
Azure AD source user filter ISC Discussion and Questions identity-security-cloud , connectors	6	247	July 26, 2024
Transform -- validating Identity is a assigned a role or an entitlement ISC Discussion and Questions identity-security-cloud , provisioning	9	65	October 20, 2024
Validating an entitlement in a transform ISC Discussion and Questions transforms , identity-security-cloud	4	301	August 4, 2024

accountPropertyFilter in transform for Azure group

Related topics