Azure AD SCIM provisioning - expected behaviour on displayName user attribute updates

Ruchi 386 Reputation points
2023-10-23T05:25:33.3233333+00:00

Hi Team,

In our enterprise provisioning application, we do have the usage for displayName user attribute. But with the custom application created for SCIM connector, it comes as one of the default mapping and we have not modified that mapping.

Whenever there is any update to displayName in Azure AD, the patch request keeps coming multiple times with displayName change. This is blocking any other attribute updates. Please let us know if this is the expected behaviour.

Is the expectation for patch request is to handle all the mapped attribute changes in SCIM server application?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,768 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Danny Zollner 9,531 Reputation points Microsoft Employee
    2023-10-30T18:05:49.6533333+00:00

    If an attribute is mapped from source -> target, Entra Provisioning will look at the target system (SCIM) object and see if that attribute is present and if it is populated with the right value. If the right value isn't present, the provisioning service will try to populate it. On any subsequent sync cycle that evaluates that object, the same check will happen and if the value isn't present, again it will be added.

    If your service doesn't support displayName, it should not be mapped from Entra -> SCIM app. Removing that mapping will eliminate the inclusion of the attribute and any repeated attempts to "fix" the missing data issue.

    0 comments No comments