Entra ID roles do not show up on aggregated accounts

Hello,
We want to launch recertification campaigns on entitlements of type role assigned to certain accounts.
We’ve noticed a rather peculiar behaviour of ISC. The roles don’t come up on the Entra ID accounts of the identities, unless we manipulate the role outside of ISC beforehand, and after that, we can see the role coming up on the identity.
We use the Microsoft Entra ID SaaS connector.

Is there any solution to this problem?

Hi @Rania

I believe you need to enable the Privilege Identity Management on the connector first:

Hi Irshaad, thank you for the answer. However, there is no “Enable Privileged Identity Management” option on this connector.

Hello there,
Thank you for your answer.
When checking on the SaaS connector, we don’t have the same option as the other version. Even when checking through the v3 sources endpoint, we don’t see the attribute.

Hi @Rania

On the Entra connector config, navigate to feature management and then scroll to the end of the page; you should find the Enable Privilege Identity Management option there:

Hi @Irshaad_Laher_WS, I was able to enable the Privileged Identity Management through an API call, and then the toggle button showed up.
However, roles still do not show up on accounts.

Hi Rania

Can you verify that your service account used for the connector has the required permissions to aggregate and manage roles?
