Azure AD Connector -

Is there a way to do the Azure connector where it reads users no matter what type, so that they can be added to groups by SailPoint? We use Azure AD sync to create our users, and tenant sync to bring in guest accounts from our other companies. But we use groups heavily for access.

Hey!

Normally the Azure connector reads all the users from the on-premise directory. Also, if you click on the option “Manage b2b” and “manage b2c”, or even Teams Management, you can bring in and also manage these users.

Is there any specific type that is missing?

I would encourage you to post questions like this in the future to the ISC Discussion and Questions category. There are a few folks in SailPoint DEVREL that are on PTO so things aren’t getting moved over as quickly :grin:

To add to this, I have two separate AAD sources - one for internal users (synced from on-prem AD) and one for Guest Accounts.

For the internal users, we are only provisioning access to Azure-specific groups, such as Unified/Teams groups and Azure-specific roles. You’ll find you can’t provision users to groups in Azure that are synced from your on-prem AD. You have to use the on-prem AD connector to do that.

Frustratingly, the connector still aggregates on-prem AD groups as entitlements assigned to users. There is an idea posted to propose fixing this.

This has been moved :slight_smile:
