Difference between a group in my instance and in Azure AD

Question

Hi everyone.

I have linked my support software (Help Desk ticket system) with Azure AD using SCIM. Over azure I have a group that has 92 members, but in my Help Desk, I have 86.

Do you know what could be causing this?

I just started this week with this. The previous guy set up everything and I-m still trying to check how everything is configured.

Thanks in advance.

Answer 1

In order for a member of a group to be successfully provisioned to a connected SCIM app, the member (users, in this case) must be successfully provisioned into the app. The six missing member users are likely not provisioned into the SCIM app. They may be present in the app, but if they aren't being provisioned by AAD Provisioning and instead were created manually in the app then AAD Provisioning won't be able to manage their user objects nor their memberships in groups.

Check for provisioning errors on the missing users, or scoping filters. You can also try restarting the provisioning job which will get AAD Provisioning to reevaluate the users and groups and they will likely either be created/updated or generate an error.

Answer 2

Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query

A group on your instance is unique to your business, whereas a group in Azure Active Directory (AAD) is shared by several companies. This is the primary distinction between the two types of groups. Groups in your instance must be managed in the application itself, whereas groups in AAD are maintained through the AAD site. While groups in your instance are only allowed to restrict access to the program itself, AAD groups can be used to manage access to resources across several applications.

If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.