Azure AD SCIM Provisioning - How to sync passwords?

Sriharsha J 21 Reputation points
2022-12-02T10:54:51.67+00:00

Hi,

The question is a repeat of
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/a3359bde-b08a-46f6-b5b0-ef4e50de663f/azure-ad-scim-provisioning-how-to-sync-passwords?forum=WindowsAzureAD

However, I have not seen a definitive answer to whether AD syncs the password through SCIM. Sorry, 'AFAIK' is not definitive.
If not, what is the reasoning? When other IDPs (say Okta) are allowing this, why not AD?

Microsoft Entra ID

Accepted answer
  1. Danny Zollner 10,481 Reputation points Microsoft Employee
    2022-12-02T16:01:39.62+00:00

    It is not possible to sync passwords out of AAD via SCIM provisioning. Passwords are stored in AAD using one-way hashing/salting and the original plaintext value cannot be retrieved. Best practice is to federate with the application in question via a standard such as SAML 2.0 or OpenID Connect/OAuth 2.0.

    3 people found this answer helpful.
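
An added sketch (not part of the answer above and not Microsoft's code) of why a salted one-way store leaves nothing to place in the SCIM `password` attribute when a user is provisioned outbound. PBKDF2, the iteration count, the function names and the sample entry are assumptions chosen for illustration, not the scheme Entra ID actually uses.

```python
import hashlib
import hmac
import json
import os

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643
ITERATIONS = 100_000  # constructed work factor for this sketch


def store_password(plaintext: str) -> dict:
    """Return what the directory keeps: a salt and a derived hash, never the plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", plaintext.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(record: dict, candidate: str) -> bool:
    """Sign-in check: re-derive from the candidate and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])


def build_scim_user(entry: dict) -> dict:
    """Build the outbound SCIM User from a directory entry.

    Only attributes the directory can read back are emitted. The stored
    credential can confirm a guess but cannot be reversed, so there is no
    value available for the SCIM 'password' attribute.
    """
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": entry["userName"],
        "displayName": entry["displayName"],
        "active": entry["active"],
    }


# Constructed sample directory entry (hypothetical user)
ENTRY = {
    "userName": "alice@example.com",
    "displayName": "Alice Example",
    "active": True,
    "credential": store_password("correct horse battery staple"),
}

if __name__ == "__main__":
    print(json.dumps(build_scim_user(ENTRY), indent=2))
```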
