uid is missing in get user request from entra to scim2.0

vipin kumar Niranjan 0 Reputation points
2024-07-04T06:15:38.62+00:00

Hi Community,

I have noticed that sometimes, during user provisioning, the uid is missing from the GET request GET /User/Id from Entra to scimgateway (based on SCIM 2.0). The issue is not consistent and happens only sometimes.

I am confused about how Entra knows the uid and, if it knows, how it was missed in the GET request URL. Just to verify whether the uid is coming from the URL, I have changed the LDAP backend base URL in scimgateway, but I am still seeing the old uid.

sample-

[with uid]
GET http://ldap3.devsre.smtpi.com/Users/uid%253Damsowtpriwibfly%2540niranjanvk0107gmail.onmicrosoft.com%252Cou%253DPeople%252Cdc%253Dchandru%252Cdc%253Dcom

[without uid]

https://ldap3.devsre.smtpi.com/Users/amsowtpriwibfly%2540niranjanvk0107gmail.onmicrosoft.com 

  1. akinbade abiola 16,480 Reputation points
    2024-07-04T07:24:05.9966667+00:00

    Hello vipin kumar Niranjan, thanks for your question.

    When a user is created in Microsoft Entra ID, a unique identifier is assigned to the user. This UID is typically the user's Object ID, which is a GUID. Query should be like:

    GET /Users?filter=userName eq "Test_User_00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
    
    

    See: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/use-scim-to-provision-users-and-groups#request-2

    These queries depend on the mapped attributes on Entra and the SCIM app.

    I will recommend you ensure that the SCIM gateway is correctly configured to include the UID in the URL. You can also view provisioning and audit logs to see where and which data is being sent.

    You can also change the base URL to see if it still has that old UID; in that case it is a caching issue you need to fix.

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola


  2. Danny Zollner 10,056 Reputation points Microsoft Employee
    2024-07-11T18:05:57.8033333+00:00

    Entra ID's provisioning service knows the SCIM "id" attribute value for a resource (user, group - an object) if the resource was created by Entra ID's provisioning service via a POST (Create) call, or if the resource already existed and was located by the provisioning service via a call such as GET /Users?filter=userName eq 'user@example.com'.

    Your examples are a bit hard to follow, especially the second one. However, if a GET, POST, PATCH, or DELETE call is being made with scimBaseURl/<ResourceType>/<value> - that value has been returned by the SCIM service provider (server) previously as the "id" value for a resource.
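
Added example (not from the thread, scimgateway or Entra ID): a Node.js diagnostic that decodes the `<value>` path segment of logged SCIM requests and flags accounts addressed with more than one id, which, given the answer above, tells you which returned "id" values to look for in the gateway's earlier POST and filter responses. The function names are hypothetical and the sample input is the two URLs quoted in the question.

```javascript
// Constructed sample input: the two request URLs quoted in the question.
const SAMPLE_REQUESTS = [
  'http://ldap3.devsre.smtpi.com/Users/uid%253Damsowtpriwibfly%2540niranjanvk0107gmail.onmicrosoft.com%252Cou%253DPeople%252Cdc%253Dchandru%252Cdc%253Dcom',
  'https://ldap3.devsre.smtpi.com/Users/amsowtpriwibfly%2540niranjanvk0107gmail.onmicrosoft.com',
];

// Decode percent-encoding until the value stops changing (bounded), because
// the logged URLs are encoded more than once (%253D -> %3D -> '=').
// Assumption: real ids contain no literal "%xx" sequences of their own.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; } // stray '%'
    if (next === current) break;
    current = next;
  }
  return current;
}

// Extract resource type and decoded id from <base>/<ResourceType>/<value>.
// Returns null for list/filter requests that carry no id in the path.
function parseScimRequest(requestUrl) {
  const segments = new URL(requestUrl).pathname.split('/').filter(Boolean);
  const typeIndex = segments.findIndex((s) => s === 'Users' || s === 'Groups');
  if (typeIndex === -1 || typeIndex === segments.length - 1) return null;
  return { resourceType: segments[typeIndex], id: fullyDecode(segments[typeIndex + 1]) };
}

// Tell an LDAP DN-style id (attr=value,rest) apart from a bare value.
function describeId(id) {
  const dn = /^([A-Za-z][\w-]*)=([^,]+),(.+)$/.exec(id);
  return dn ? { form: 'dn', account: dn[2], suffix: dn[3] }
            : { form: 'bare', account: id, suffix: null };
}

// Group requests by account and report those seen with more than one id value.
function findInconsistentIds(requestUrls) {
  const seen = new Map(); // account -> Set of decoded ids
  for (const url of requestUrls) {
    const parsed = parseScimRequest(url);
    if (!parsed) continue;
    const { account } = describeId(parsed.id);
    if (!seen.has(account)) seen.set(account, new Set());
    seen.get(account).add(parsed.id);
  }
  return [...seen].filter(([, ids]) => ids.size > 1)
    .map(([account, ids]) => ({ account, ids: [...ids] }));
}
```

Run over the gateway's request log, each reported account lists the distinct id strings it was addressed by; search the gateway's response bodies for those exact strings to find which operation returned each one.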
