Unable to provision user from Microsoft Azure AD to SaaS app using SCIM

mohamed assem 0 Reputation points
2023-09-19T12:18:37.7666667+00:00

Hi folks,

I am trying to provision a user from Microsoft Azure AD to a SaaS application I created as an enterprise application. Basically I want to be able to do CRUD operations on any user. Initially I have tried creating the user and the creation was successful. However, I am getting an error when I try to update the user details in Azure AD and then provision the user for the SaaS app. The below is the error I am having on "Provision on Demand":

"status":400,"error":"Bad Request","message":"JSON parse error: Could not resolve type id 'Add' as a subtype of com.unboundid.scim2.common.messages.PatchOperation: known type ids = [add, remove, replace] (for POJO property 'Operations'); nested exception is com.fasterxml.jackson.databind.exc.InvalidTypeIdException: Could not resolve type id 'Add' as a subtype of com.unboundid.scim2.common.messages.PatchOperation: known type ids = [add, remove, replace] (for POJO property 'Operations')\n at [Source: (PushbackInputStream); line: 1, column: 82] (through reference chain: com.unboundid.scim2.common.messages.PatchRequest["Operations"]->java.util.ArrayList[0])","path":"/scim/v2/5e4231ad-e4ac-2213-0c59-3a4e3139858c/Users/3e7600bb-7f90-e234-1512-122f78784fe8"}

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,454 questions
{count} votes

1 answer

Sort by: Most helpful
  1. JamesTran-MSFT 36,606 Reputation points Microsoft Employee
    2023-09-25T20:48:51.5033333+00:00

    @mohamed assem

    Thank you for following up on this and I apologize for the delayed response!

    Error Details:

    "message":"JSON parse error: Could not resolve type id 'Add' as a subtype of com.unboundid.scim2.common.messages.PatchOperation: known type ids = [add, remove, replace] (for POJO property 'Operations');

    Based off your error and from @Danny Zollner 's comment it looks like there's an issue with the JSON payload that you are sending to Azure AD.

    • Have you confirmed that the JSON payload is formatted correctly?
    • Are any additional error messages within the Azure AD provisioning logs?

    When it comes to the patch request from Azure AD containing the "Op" with an upper leading character, can you share what you're seeing? From the Known issues and resolutions with SCIM 2.0 documentation it looks like there are flags (With / Without feature flag) you can alter that won't cause issues with lower- or upper-case characters.

    User's image

    • If you're still having issues and would like to work closer with our support team on this, please let me know. I'd be happy to enable a one-time free technical support request for your subscription so you can work with our support engineers to get this issue resolved.

    Additional Links:

    I hope this helps!

    Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.