This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I don't see any output for users when testing 'AppRoleAssignmentsComplex([appRoleAssignments])' in Expression Builder. How do I see this output in the context of a specific app, and test how conditional logic around it will impact User provisioning scope or provisioned fields?
GitHub Enterprise Managed Users relies on Azure AD SCIM provisioning as its only source of configuration of user information/management. The out-of the box user provisioner looks like this:
I also have 2 types of Groups I want to pass through to the provisioner:
I have essentially accomplished this by setting the License level groups with the appropriate role, and setting the M365 groups with a role of "Restricted User". However, this leads to excessive API calls through SCIM with numerous errors, for each appearance of an unlicensed user.
I think the best way to solve this would be to use either a Scoping Rule, which ignores users who do not have one of the actual roles like "User", "Enterprise Owner", "Billing Contact", etc. assigned. Another way to solve this would be use similar logic to set the 'active' attribute to false if the user does not have these roles assigned.
I cannot find a way to query the user's appRoles in Expression Builder. Everytime I try to use "AppRoleAssignmentsComplex([appRoleAssignments]) in Expression Builder, I get null for output. Will this work to get the list of App Role assignments in the SCIM provisioning? What is the expected ouput? I am warry to edit this on our production connection, any suggestions on how best to test the resulting output and logic filtering around this field?
It is not supported to build scoping filters off of the appRoleAssignments attribute, either with or without a function processing the value of it. I believe there is an item in our engineering backlog to remove this value from the scoping filters UI. Apologies for the bad experience here.