![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 0%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,273 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Anh Hoang ,
Thanks for reaching out.
This is a known issue with the current version of our SCIM client. We offer a feature flag to fix this as well as some other issues. Please see https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/application-provisioning-config-problem-scim-compatibility#flags-to-alter-the-scim-behavior for information on the flag and the changes it introduces, as well as how to use the flag.
Unfortunately, this flag will not work with Provision on Demand.
You need to use either a switch statement based on [isSoftDeleted] - or the simpler Not([isSoftDeleted]) expression. You shouldn't use accountEnabled as the source attribute as that only covers the user account being enabled/disabled in Azure AD/Entra ID, and doesn't account for unassignment from the app, scoping filters, or being soft deleted in Azure AD/Entra ID.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.