![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 13%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,149 questions
At the start of a provisioning cycle, or when the Validate/Test Credentials button is clicked in the AAD Provisioning UI, some test actions are performed. One of those is checking authorization to query the SCIM server while also checking conformance with the SCIM specification. This is done via a GET /Users?filter=userName eq "String+randomguid". It sounds like Snowflake might be treating these as errors at least as far as its logging goes, which is questionable if so.
The expected response to the above example would be a 200/OK response with a SCIM-compliant response that says totalResults = 0. Either due to the GUID or just the lack of any users being found, it's being considered an error. If they are returning a 200/OK but log it as an error, it's mostly just noise. If they're responding to the GET with a 400 series error due to something about the value being queried - the string+guid piece - then that's probably not SCIM compliant.
It isn't clear, but if things are working and you're investigating here solely based on the logging provided on the Snowflake side, I'd suggest instead leveraging the AAD Provisioning logs instead.
