It is not possible to sync passwords out of AAD via SCIM provisioning. Passwords are stored in AAD using one-way hashing/salting and the original plaintext value cannot be retrieved. Best practice is to federate with the application in question via a standard such as SAML 2.0 or OpenID Connect/OAuth 2.0.
Azure AD SCIM Provisioning - How to sync passwords?
Sriharsha J 21 Reputation points
Hi,
The question is a repeat of
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/a3359bde-b08a-46f6-b5b0-ef4e50de663f/azure-ad-scim-provisioning-how-to-sync-passwords?forum=WindowsAzureAD
However, I have not seen a definitive answer to whether AD syncs the password through SCIM. Sorry, 'AFAIK' is not definitive.
If not, what is the reasoning? When other IDPs (say Okta) are allowing this, why not AD?
Accepted answer
Danny Zollner 10,481 Reputation points Microsoft Employee
2022-12-02T16:01:39.62+00:00