We have an attribute “employeenumber” from on-premAD which is syncd to Entra. Was trying to use this for my directory attribute match for the privileged access but on the drop-down selection in BeyondInsight, it only shows “employeenumber” as the attribute name but the actual Entra attribute name is supposed to be “extensionattribute_<appreg_clientID>employeenumber”.
Is there a way to map this to an on-premAD “employeenumber” attribute but use Entra for my requester group? I am just not sure if it PS will recognize it since it s trying to map the requester (from Entra SAML SSO) against the on-prem AD attribute.
Answer
employeenumber extension attribute for directory match
Best answer by Howard
Currently the employeenumber for Entra ID is not supported.
https://beyondtrustcorp.service-now.com/csm?id=kb_article&sysparm_article=KB0021516
Currently the employeenumber for Entra ID is not supported.
https://beyondtrustcorp.service-now.com/csm?id=kb_article&sysparm_article=KB0021516
thanks
Yes the employeeID can be used.
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0018945
Hi Howard, just to make sure I understood. Employee ID attribute can be used to map AD account and Entra ID, right?
Just for your information. I was not able to use Employee ID, I needed to use:
Dedicated Account
- Account Name
- with prefix
Just back from my vacation.
You can’t use the employee ID for EntraID account and has to use the account name with prefix? Employee ID is currently not supported for EntraID.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.