On 12/10/18 5:35 PM, alekz wrote:
> On 2018-12-10 18:44, Steven Williams wrote:
>> On 12/6/18 8:47 AM, Steven Williams wrote:
>>> On 12/5/18 6:27 PM, alekz wrote:
>>>> On 2018-12-05 21:26, Geoffrey Carman wrote:
>>>>> On 12/5/2018 1:58 PM, alekz wrote:
>>>>>> Can the Azure AD collector retrieve group members? I'm using IG
>>>>>> 3.0.1.
>>>>>> I'm able to collect the groups by changing the hidden property
>>>>>> "Azure AD Object Class Name" to "Group".
>>>>>
>>>>> How do you change a hidden property?
>>>>>
>>>>>> But I don't know what to change User_Role_Assignment to in the
>>>>>> Permission to Holders Mapping.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>> Download the collector JSON, change hidden=true to false and
>>>> re-upload it under another name.
>>>>
>>> Greetings,
>>> *** Please be aware, changing our templates could cause undesired
>>> behavior.
>>>

>> Greetings,
>> **** In my 3.0.x set-up -> the Azure Identity Collector, in the
>> Collect Group section ->
>>
>> Azure AD Directory Object Class Name: Group
>>
>> Is there and one has the ability to change it.* I did not change or
>> modify the default template.
>>
>> *** I have also checked in my 2.5.x set-ups and the above was there.
>>
>>
>> If you were not seeing it, then I am a bit curious about the template
>> that was being used in your environment for the Azure collector.
>> Unless, I am not looking at the correct mapping within the Azure
>> Identity Collector that you are talking about.
>>
>>
>>

> Ah, I understand now. I'm not collecting identities from Azure AD, only
> accounts/permissions. That's why I didn't see the group option.
> Identities are collected from the local IDM.
>

Greetings,
Correct. Typically, in your Application Collector you would have an
Azure Permission Collector and Azure Account Collector. So the flow
would be:

Permission -> Account -> Identity (User)



--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus