Hi Team,
I am using the Entra ID Source to aggregate just PIM groups. I can see the filter in the source pulling in all the correct PIM groups but it is also pulling in additional groups when I aggregate accounts.
How do I filter just the user accounts in the PIM groups without it pulling all the other entitlements that are not associated with PIM?
Has anyone run into this issue before?
Yes, this is a common issue with Entra ID sources — aggregation can pull in extra groups even if you’ve filtered for PIM groups.
This happens because account aggregation collects all group memberships, not just the filtered ones.
To limit entitlements, apply a filter in the Entitlement Filter section using attributes like displayName or group type.
You can also use naming conventions or metadata to target only PIM groups.
If needed, add an Entitlement Rule to filter or transform after aggregation.