Nested Security Groups provisioning from Azure AD to ServiceNow.

Aki 1 Reputation point
2021-11-08T07:46:20.987+00:00

Question Regarding Nested Security Groups provisioning from Azure AD to ServiceNow.

I understand that auto-provisioning of Security Groups into ServiceNow can be done by default connector below.
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/servicenow-provisioning-tutorial

However, I'm not sure about nested Security Groups provisioning.
Azure AD has nested (parent-child) Security Groups, while ServiceNow (Group table) also has "Parent" column.
What I would like Azure AD to do is auto-populate "Parent" column in ServiceNow (Group table) based on the nested group.

I tried to verify it, but my license "Azure AD Free Edition" doen't allow Group provisioning to ServiceNow...

Please kindly check it and ket me know if it's possible or not.

Best Regards,
Aki

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,455 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Danny Zollner 9,521 Reputation points Microsoft Employee
    2021-11-08T17:20:57.857+00:00

    Group provisioning is not restricted by any licensing, merely the ability to assign groups to an application. You can still provision groups by using the "Sync all users and groups" provisioning option - typically accompanied by the scoping filters feature to take the initial set (ALL users/groups) and reduce it based on attribute values.

    The actual goal you're looking for is not possible at this time, nor am I aware of it being on any feature roadmap. Azure AD has limited to no support for nested groups when it comes to Enterprise Apps, and there is no already defined concept of a "parent group" attribute in Azure AD, which means there is no attribute for Azure AD Provisioning to read and convey to ServiceNow.

    0 comments