We are implementing the CyberArk Privilege Cloud Shared Services SaaS connector, and we want to filter some of the entitlements when we aggregate them, specifically the “System Administrator” group. The reason we want to filter this out is that the “System Administrator” group is not aggregated through Account Aggregation.
What is the end goal that’s met by filtering this out? Eventually that entitlement will get created through account aggregation if it’s assigned to an account.
Ok, I see what you mean now. I didn’t realize membership in the group id sysadmin wasn’t presented in the /Users resource of the SCIM API, but you can see the group membership in the /Groups SCIM endpoint.
Unfortunately, the OOB connector doesn’t allow for entitlement aggregation filters, so you can’t do something like id ne “sysadmin” like you would in the filter query parameter in a REST call.
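Added example, not part of any post in this thread and not connector code: a Python check that compares SCIM `/Groups` membership with the `groups` attribute on `/Users` to list privileged memberships an account aggregation would miss. The payload shape follows generic SCIM 2.0 (`Resources`, `members`, `groups`) and is an assumption about the actual responses; the user names and the `vault-users` group are constructed sample data.

```python
# Constructed sample bodies in SCIM 2.0 ListResponse shape (assumed, not real tenant data).
USERS = {"Resources": [
    {"id": "u1", "userName": "alice", "groups": [{"value": "vault-users"}]},
    {"id": "u2", "userName": "bob", "groups": [{"value": "vault-users"}]},
]}
GROUPS = {"Resources": [
    {"id": "sysadmin", "displayName": "System Administrator",
     "members": [{"value": "u1"}]},
    {"id": "vault-users", "displayName": "Vault Users",
     "members": [{"value": "u1"}, {"value": "u2"}]},
]}


def memberships_missing_from_users(users_doc, groups_doc):
    """Return {group_id: [userName, ...]} for memberships that /Groups lists
    but the member's own `groups` attribute under /Users does not."""
    users = {u["id"]: u for u in users_doc.get("Resources", [])}
    missing = {}
    for group in groups_doc.get("Resources", []):
        for member in group.get("members") or []:
            user = users.get(member.get("value"))
            if user is None:
                continue  # member is not a user in this result set (e.g. nested group)
            seen = {g.get("value") for g in user.get("groups") or []}
            if group["id"] not in seen:
                missing.setdefault(group["id"], []).append(user["userName"])
    return missing


if __name__ == "__main__":
    for group_id, names in memberships_missing_from_users(USERS, GROUPS).items():
        print(f"{group_id}: visible only via /Groups for {', '.join(names)}")
```

Any group this reports is one whose membership reaches the identity system only through entitlement (group) aggregation, which is worth knowing before excluding it.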