We have contacted our CSM about this, and they are asking internally (CAR-2837). We don’t want to burn hours on this as we have read others have done so without resolution.
(This is from the last bullet in the URL list below: “Don’t bother opening a ticket to SailPoint support they’ll have no idea how to resolve. We wasted 15 billable hours on this and no one could solve our problem…”)
If our CSM comes back with something viable (like professional services has a solution we can buy for this issue, or if we manipulate the platform in some particular way, I’ll definitely share that info with others so they can go the same route…
Here’s my running list of URLs on this particular issue, in case people are also tracking this:
- Filtering AAD Cloud Local Groups only - Compass (sailpoint.com)
- Aggregate only entitlements without DirSync - Compass (sailpoint.com)
- Azure AD Groups Mastered from On-Prem AD - Compass (sailpoint.com)
- IDN: Source Entitlement filtering only sometimes works? - Identity Security Cloud (ISC) / ISC Discussion and Questions - SailPoint Developer Community
- Entitlement MEMBERSHIP Aggregation Filters | SailPoint Ideas Portal
- Sailpoint better handling of hybrid joined | SailPoint Ideas Portal