Azure AD SCIM provisioning application monitoring from SAAS application and managing downtime

Question

Hi,

Please suggest available options for below scenarios with Azure AD SCIM provisioning

1. Monitor SCIM provisioning job from SAAS applications
   Is there is any way to monitor the Azure AD user provisioning SCIM job from listening SaaS application. From the Azure documentation, we could figure out the logging system available in azure ad portal which cannot be synched with listening SaaS application.
2. Handle the downtime when SCIM server application is down
   If the SCIM server application is unavailable due to known situation at certain time period, is there a way to pause the provisioning apart from quarantining the job.

Answer 1

1. Besides writing an API client to call MS Graph API and pull the provisioning logs from MS Graph into your application or another location, no. Concepts such as a "job", "cycle", etc. are not defined in the SCIM spec and there are no means to monitor them via SCIM as a result.
2. At scale, not really. It's roughly the same approach as above, though - MS Graph API to manipulate the provisioning job into a paused state. If this is for a single provisioning job for an app internal to your company/organization, this is feasible, but if you're running a multi-tenant service for customers then they likely will not permit you to have the API permissions required to manage the job. If your SCIM service is multi-tenant, you should look into how to achieve 24/7 uptime rather than having scheduled maintenance.