Skip to content

Managing Azure Entitlements

To display your Azure entitlement data in Identity Security Cloud, you must mark supported entitlements as cloud enabled.

Supported Entitlement Types

Identity Security Cloud supports the following Azure entitlements:

  • Group
  • azureRoleAssignment

Marking Microsoft Entra ID Cloud-Enabled Entitlement Types

When entitlements are pulled from your Azure cloud environment, you must mark the supported entitlement types as Cloud Enabled in your Microsoft Entra source configuration. This will allow certification campaign reviewers to view the access users have to your Azure cloud infrastructure.

  1. Go to Admin > Connections > Sources.
  2. Select or edit the Microsoft Entra SaaS or Microsoft Entra VA-based connector you enabled to manage cloud resources.
  3. In the Entitlement Management section, select Entitlement Types.
  4. Edit and select the Cloud Enabled checkbox for the following entitlements:
    • Group
    • azureRoleAssignment
  5. Select Update.

You can now view an identity's cloud access granted through entitlements. You can include cloud-based entitlement types to certification campaigns to allow certifiers to view the effective access to your Azure resources.

Viewing Effective Access to Azure Resources

After marking your entitlement types, you can include cloud-enabled entitlements in certification campaigns to allow your certifiers to view cloud access details like the last level of access and type of action taken on the resource.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.