Service Principal as Accounts Attributes

Important: You must have an IdentityIQ Cloud Governance license for managing Service Principals as “accounts”. If you already have a CAM license, no additional license purchase is required. Contact your SailPoint Customer Success Manager to request access and for more information.


This is the companion discussion topic for the documentation at https://documentation.sailpoint.com/connectors/identityiq/microsoft/entra_id/help/integrating_entra_id/service_principal_attr.html

Hi,
I’m trying to configure the connector and read Service Principals as accounts.
Unfortunately, reading some of the attributes doesn’t work.
For example: spn_adminConsentedPermissions and customSecurityAttributes.
I’m able to read customSecurityAttributes for standard accounts but not for Service Principals.
Both attributes can be read using GraphAPI from PowerShell.

I’m using:

Version 8.4p1 e243e6f4783-20240325-035201
E-Fixes identityiq-8.4-IIQTC483-02236df3-7d974e69-fb66f94c
Schema Version 8.4-88
Source Repository Location RC_8.4p1

Can someone help me with it?
Maybe there is some additional documentation for this connector?

Best regards,
Jacek

Hi @JacekRutkowski, for these types of questions, you can post directly in the forum rather than adding them as documentation feedback. I certainly understand your concern here and thanks for asking.

If the admin consented permission is not working, you can reach out to our support team. For custom security attribute, that is not supported with the out-of-the-box connector and it is there in our roadmap. There is no additional documentation available for it.

If you could kindly share further details with me via direct message regarding your custom security attribute use cases and how you are implementing it through PowerShell for standard accounts, it would be greatly appreciated.

Thanks!