Enterprise App Apple Business Manager Renew SCIM-Token Connection Test Error "SystemForCrossDomainIdentityManagementCredentialValidationFailure"

Question

Enterprise App Apple Business Manager Renew SCIM-Token Connection Test Error "SystemForCrossDomainIdentityManagementCredentialValidationFailure"

Florian Bartsch 10

Hey guys,

today I wanted to renew the SCIM Token in the enterprise app for Apple Business Manager.

But it doesnt care how often I renew the token, it just fails all the time.

The only other thread ive found is this one:
Apple Business Manager Synchronisation Fails with "SystemForCrossDomainIdentityManagementCredentialValidationFailure"

But it just will not start working for us.

Fehlercode: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable
Details: We received this unexpected response from your application:

Received response from Web resource.
   Resource: https://federation.apple.com/feeds/business/scim/Users?filter=userName+eq+"AzureAD_Test-47b6096a-7947-47f3-b783-bf34a00b8fd5"
   Operation: GET 
   Response Status Code: BadRequest
   Response Headers: Connection: keep-alive
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains
X-Frame-Options: SAMEORIGIN
Keep-Alive: timeout=30
Cache-Control: no-store
Date: Tue, 15 Apr 2025 11:09:27 GMT
Server: Apple
   Response Content: {"schemas":"[urn:ietf:params:scim:api:messages:2.0:Error]","detail":"Bad Request","status":400}

Thanks!

Greetings.

Eric Cote 0 Reputation points

2025-04-15T15:59:14.62+00:00

I have the same problem since yesterday evening.
Martin Norland 0 Reputation points

2025-04-15T16:15:20.6333333+00:00

I'd updated our SCIM credentials after testing them earlier this morning - but a reprovisioning task still failed... I've just generated a new set of credentials and now I get the same SystemForCrossDomainIdentityManagementCredentialValidationUnavailable as the OP.

The SCIM provisioning had been failing with 404s since ~6pm yesterday, which was shortly /before/ they finally updated the ABM T&C (despite it showing as updated since 1pm EST and negatively impacting our MDM enrollment). This April iteration of ABMs updates is not going smoothly, at all.
Lucky 10 Reputation points

2025-04-15T18:19:24.1066667+00:00

I haven't been able to confirm yet but this has got to be an issue with Apple's SCIM servers and nothing client side. We started getting the same error yesterday and I've gone through the same steps (restarting SCIM, renewing token, etc). I've got an open ticket with Apple support on this issue and I'm currently waiting to hear back. I see similar reports of this same issue back in July 2023 and that was confirmed to be ABM's servers. https://learn.microsoft.com/en-us/answers/questions/1324934/apple-business-manager-synchronisation-fails-with
Sean Sisneroz 20 Reputation points

2025-04-15T18:55:24.1833333+00:00

I started having this same issue yesterday at 4:30pm cst. I noticed my MDM telling me I had to sign into ABM to accept the new T&C which I did right away. I thought that was the end of it, until I came in today and saw that I was still getting an error on the SCIM provisioning settings. I also opened a ticket with Apple support as well as Microsoft support. Renewing the secret did not fix my issue.
Florian Bartsch 10 Reputation points

2025-04-16T10:53:35.87+00:00

Tried it few minutes ago. Today it seems to work again. I'll keep an eye on it for the next 1-2 days. Hopefully it's ok for now.
Sean Sisneroz 20 Reputation points

2025-04-16T12:45:34.97+00:00

I can confirm with Florian that its working for me as well. I did have to recreate the client secret for it to work though.
Nick Spaniola 0 Reputation points

2025-04-16T13:09:47.8433333+00:00

We are having the same error. Can't figure it out.

Provisioning has been quarantined. See quarantine details for more information.

Quarantine details:

While attempting to validate our authorization to access your application, we received this unexpected response: Received response from Web resource. Resource: https://federation.apple.com/feeds/business/scim/Users?filter=userName+eq+"AzureAD_Test-0df35a9b-22ce-424f-9fbf-7b76ad594a6b" Operation: GET Response Status Code: BadRequest Response Headers: Connection: keep-alive Pragma: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains X-Frame-Options: SAMEORIGIN Keep-Alive: timeout=30 Cache-Control: no-store Date: Wed, 16 Apr 2025 07:19:35 GMT Server: Apple Response Content: {"schemas":"[urn:ietf:params:scim:api:messages:2.0:Error]","detail":"Bad Request","status":400} Please check the service.
Nick Spaniola 0 Reputation points

2025-04-16T13:16:50.5066667+00:00

Like @Sean Sisneroz said, recreating the secret token on apple business manager and then adding it back to intune apple business manager saml worked
Eric Cote 0 Reputation points

2025-04-16T13:16:53.9633333+00:00

I can also confirm that it is now working (with a new secret token).
Lucky 10 Reputation points

2025-04-16T16:21:06.5066667+00:00

I can also confirm, working as expected this morning when I got in, didn't need to refresh the token at all.

1 answer

Your answer

Eric Cote 0 Reputation points

2025-04-15T15:59:14.62+00:00

I have the same problem since yesterday evening.
Martin Norland 0 Reputation points

2025-04-15T16:15:20.6333333+00:00

I'd updated our SCIM credentials after testing them earlier this morning - but a reprovisioning task still failed... I've just generated a new set of credentials and now I get the same SystemForCrossDomainIdentityManagementCredentialValidationUnavailable as the OP.

The SCIM provisioning had been failing with 404s since ~6pm yesterday, which was shortly /before/ they finally updated the ABM T&C (despite it showing as updated since 1pm EST and negatively impacting our MDM enrollment). This April iteration of ABMs updates is not going smoothly, at all.
Lucky 10 Reputation points

2025-04-15T18:19:24.1066667+00:00

I haven't been able to confirm yet but this has got to be an issue with Apple's SCIM servers and nothing client side. We started getting the same error yesterday and I've gone through the same steps (restarting SCIM, renewing token, etc). I've got an open ticket with Apple support on this issue and I'm currently waiting to hear back. I see similar reports of this same issue back in July 2023 and that was confirmed to be ABM's servers. https://learn.microsoft.com/en-us/answers/questions/1324934/apple-business-manager-synchronisation-fails-with
Sean Sisneroz 20 Reputation points

2025-04-15T18:55:24.1833333+00:00

I started having this same issue yesterday at 4:30pm cst. I noticed my MDM telling me I had to sign into ABM to accept the new T&C which I did right away. I thought that was the end of it, until I came in today and saw that I was still getting an error on the SCIM provisioning settings. I also opened a ticket with Apple support as well as Microsoft support. Renewing the secret did not fix my issue.
Florian Bartsch 10 Reputation points

2025-04-16T10:53:35.87+00:00

Tried it few minutes ago. Today it seems to work again. I'll keep an eye on it for the next 1-2 days. Hopefully it's ok for now.
Sean Sisneroz 20 Reputation points

2025-04-16T12:45:34.97+00:00

I can confirm with Florian that its working for me as well. I did have to recreate the client secret for it to work though.
Nick Spaniola 0 Reputation points

2025-04-16T13:09:47.8433333+00:00

We are having the same error. Can't figure it out.

Provisioning has been quarantined. See quarantine details for more information.

Quarantine details:

While attempting to validate our authorization to access your application, we received this unexpected response: Received response from Web resource. Resource: https://federation.apple.com/feeds/business/scim/Users?filter=userName+eq+"AzureAD_Test-0df35a9b-22ce-424f-9fbf-7b76ad594a6b" Operation: GET Response Status Code: BadRequest Response Headers: Connection: keep-alive Pragma: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains X-Frame-Options: SAMEORIGIN Keep-Alive: timeout=30 Cache-Control: no-store Date: Wed, 16 Apr 2025 07:19:35 GMT Server: Apple Response Content: {"schemas":"[urn:ietf:params:scim:api:messages:2.0:Error]","detail":"Bad Request","status":400} Please check the service.
Nick Spaniola 0 Reputation points

2025-04-16T13:16:50.5066667+00:00

Like @Sean Sisneroz said, recreating the secret token on apple business manager and then adding it back to intune apple business manager saml worked
Eric Cote 0 Reputation points

2025-04-16T13:16:53.9633333+00:00

I can also confirm that it is now working (with a new secret token).
Lucky 10 Reputation points

2025-04-16T16:21:06.5066667+00:00

I can also confirm, working as expected this morning when I got in, didn't need to refresh the token at all.

Answer 1

Hi @Florian Bartsch

I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

Issue:

Enterprise App Apple Business Manager Renew SCIM-Token Connection Test Error "SystemForCrossDomainIdentityManagementCredentialValidationFailure"

Solution:

Confirmed by @Florian Bartsch

It seems the issue was resolved after some time by refreshing the page.

User's image

If I missed anything please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information.

Share via

Enterprise App Apple Business Manager Renew SCIM-Token Connection Test Error "SystemForCrossDomainIdentityManagementCredentialValidationFailure"

1 answer

Your answer