Azure AD - Keep receiving a SCIM Unexpected Response error when provisioning

Manny Azure 0 Reputation points

Hi there!

I'm setting up an application in my Azure AD environment, set up custom attributes and mapped them to the source attributes as expected.

However, when provisioning (whether it's via Groups, or manually by Provisioning on demand), I keep getting this sync error. I'm hitting a wall as I do not even get a JSON error returned, just a "SCIM unexpected response".

I've checked the credentials, the SSO connection works perfectly, just the sync of those attributes does not.

My app isn't quarantined, and was just created a few hours back for a few users.

Failed to match an entry in the source and target systems User ''
We received an unexpected response from the target system. Please ensure the response is SCIM-compliant and in JSON format. This operation was retried 0 times. It will be retried again after this date: 2023-08-24T12:32:55.2706973Z UTC

Any ideas what I might miss, or where to dig and troubleshoot next are welcome!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,414 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Harpreet Singh Matharoo 7,476 Reputation points Microsoft Employee

    Hello @Manny Azure

    Thank you for reaching out. From the error message I can confirm that Azure AD generates a request to match/provision the user in target app, however the target app's response is not SCIM Compliant. Which confirms/indicates that the application would be quarantined because the provisioning service receives an unexpected response from the target system (SaaS application).

    To learn more about, refer How do I prevent my application from quarantine?.

    Hope this helps.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

  2. Danny Zollner 9,501 Reputation points Microsoft Employee

    To see any web traffic (HTTP request/response) you'll need to open a support ticket if the response isn't included in the error message you provided.

    Issue may be that there's some error state being encountered when AAD's SCIM client sends a request, and the response may not be compliant with the SCIM standard - for example, particularly bad issues sometimes lead to errors at the HTTP layer before it gets to SCIM, and it may be the HTTP service (IIS, etc..) is throwing a 500 Internal Server Error or something similar without following the SCIM standard's approach to errors.

    0 comments No comments