Azure Provisioning broken: GUID on Oracle SaaS changes due to user import from another source

FGable 20 Reputation points
2023-03-27T15:14:51.67+00:00

Azure is provisioning 2 AD attributes to our Oracle SaaS via the SCIM call.

The "target" SaaS gets refreshed with data/user accounts from another "source" SaaS (DEV/TEST/QA/UAT).

Oracle SaaS LDAP contains a GUID for the users. Azure somehow knows this GUID.

The GUID in the "target" SaaS changes to the value from the "source" environment and Azure claims it cannot find the account to provision.

I can call the SCIM API of the "target" and see the GUID has changed for the user.

I can confirm via the Azure provision logs that Azure is looking for the old GUID

I have stopped/started/restarted provisioning, removed the user from the SaaS side, removed the user from the Azure ACL list, and rebuilt provisioning to try to clear the Azure cached GUID.

Any other thoughts of how to clear the cached Azure GUID?

Thanks

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Danny Zollner 10,056 Reputation points Microsoft Employee
    2023-03-27T16:14:46.39+00:00

    https://learn.microsoft.com/en-us/graph/api/synchronization-synchronizationjob-restart?view=graph-rest-beta&tabs=http

    That restart API call with a resetScope value of "Full" will do the trick. This will flush the links between source (AAD) and target (Oracle/SCIM) objects. This can only be done for the entire job, not for specific objects.

    FWIW, AAD Provisioning expects that it is the primary source/authority for the objects it is managing in a connected SCIM app. It sounds like this problem is happening as a result of refreshing dev/test environment data with more accurate data based on some other environment such as prod. If this is also happening in prod then it's likely that some business process manipulating data in the SCIM app is flawed and should be adjusted.

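The restart call from the accepted answer, as an added example that is not part of the original thread: it lists the provisioning jobs on the enterprise app's service principal and restarts each with `resetScope` set to `Full`, using the beta endpoint the answer links to. The environment variable names, the `full_restart` helper and the pre-acquired Graph access token are assumptions of this sketch.

```python
import json
import os
import urllib.request

GRAPH = "https://graph.microsoft.com/beta"  # the answer links the beta reference


def graph_call(method, url, token, body=None):
    """Send one Graph request; return (status, parsed JSON or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else None)


def full_restart(sp_id, token, call=graph_call):
    """Restart every provisioning job on one service principal with a Full reset.

    A Full reset drops the stored source-to-target object links, so the next
    cycle re-matches every user instead of looking up the old target GUID.
    """
    base = f"{GRAPH}/servicePrincipals/{sp_id}/synchronization/jobs"
    status, listing = call("GET", base, token)
    if status != 200:
        raise RuntimeError(f"listing jobs failed: HTTP {status}")
    restarted = []
    for job in listing.get("value", []):
        status, _ = call("POST", f"{base}/{job['id']}/restart", token,
                         {"criteria": {"resetScope": "Full"}})
        if status != 204:  # the restart action answers 204 No Content
            raise RuntimeError(f"restart of {job['id']} failed: HTTP {status}")
        restarted.append(job["id"])
    return restarted


if __name__ == "__main__":
    # Assumed variable names: the service principal's object ID and a Graph
    # access token obtained separately (for example from an app registration).
    done = full_restart(os.environ["SP_OBJECT_ID"], os.environ["GRAPH_TOKEN"])
    print("restarted jobs:", done)
```

Because the reset applies to the whole job, the following cycle re-evaluates every user in scope, so expect it to take longer than a normal incremental run.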
