Azure Active Directory - Removing users from Groups and Roles (Entitlements)

Which IIQ version are you inquiring about?

Version 8.X

Share all details related to your problem, including any error messages you may have received.

Hello All,

We have an Azure Active Directory (now Entra ID) connector and are connecting to it via Client Credentials. In order to enable provisioning from this connector, and specifically to remove users from Security Groups and remove Entitlements (Roles) from them, which of these permissions do we need: ‘User.ReadWrite.All’, ‘Group.ReadWrite.All’ or ‘RoleManagement.ReadWrite.Directory’? Further, is it also possible to restrict it so that this connection only has the permissions to modify specific groups and roles, and not all of them?

I am referring to the documentation below for this.

Check this link, maybe it will help:

https://documentation.sailpoint.com/connectors/microsoft/azure_ad/help/integrating_azure_active_directory/exchange_online_mailbox_management.html

Thank you for this. It’s part of the same documentation I am referring to, but this link specifically talks about Exchange Online Management, which is not related to what we’re trying to do.

This is what we currently have on our side, and we were able to remove security groups:
image

I hope this helps
