Is is possible to control the ObjectId assigned to Identity during Inbound API driven provisioning?

Question

Is is possible to control the ObjectId assigned to Identity during Inbound API driven provisioning?

Mithunkumar Chopda 41

The Provisioning >> Edit Attribute Mapping interface has 'objectid' listed on Active Directory attributes list and 'id' attribute on Source attributes list when using API Driven Inbound Provisioning application.

However this mapping doesn't seem to be honored or getting applied even though the 'id' attribute is supplied with a guid value in the bulk upload payload.

The provisioning logs shows the supplied id attribute's value as objectid on "modified attributes" tab in Provisioning Logs. But, the provisioned record contains a different guid value.

Carlos Solís Salazar 18,191 Reputation points MVP Volunteer Moderator

2023-12-21T00:29:50.82+00:00

To address the issue you're experiencing with the Provisioning >> Edit Attribute Mapping interface in an API Driven Inbound Provisioning application, I need more information to better understand the situation:

Application Type and Provisioning Configuration: What type of application are you using for provisioning? Is it SCIM-based or a custom setup? Additionally, could you describe how you've configured the attribute mapping?

Data Upload Process: Can you detail how you are performing the bulk upload? It's important to know whether you're using a custom script, a tool provided by Microsoft, or some other method.

Logs and Error Messages: Are there specific error messages in the provisioning logs besides the discrepancy in the objectid values? Any error message or warning could be key to identifying the issue.

Software and Service Versions: What versions of Azure AD, Windows Server (if relevant), and any other related software or services are you using? Version differences can affect compatibility and functionality.

Troubleshooting Attempts: Have you conducted any tests to isolate the problem? For example, changing the attribute mappings, using different values for the attributes, or testing with a smaller data set.

Consulted Documentation: Have you reviewed the official Microsoft documentation for API Driven Provisioning setup? Sometimes issues arise due to recent changes in best practices or documentation.

With this additional information, I can provide a more accurate response and, if possible, specific solutions. In the meantime, I suggest reviewing Microsoft's official documentation on Azure Active Directory and API Driven Provisioning to ensure all configuration steps have been correctly implemented.

1 answer

Your answer

Carlos Solís Salazar 18,191 Reputation points MVP Volunteer Moderator

2023-12-21T00:29:50.82+00:00

To address the issue you're experiencing with the Provisioning >> Edit Attribute Mapping interface in an API Driven Inbound Provisioning application, I need more information to better understand the situation:

Application Type and Provisioning Configuration: What type of application are you using for provisioning? Is it SCIM-based or a custom setup? Additionally, could you describe how you've configured the attribute mapping?

Data Upload Process: Can you detail how you are performing the bulk upload? It's important to know whether you're using a custom script, a tool provided by Microsoft, or some other method.

Logs and Error Messages: Are there specific error messages in the provisioning logs besides the discrepancy in the objectid values? Any error message or warning could be key to identifying the issue.

Software and Service Versions: What versions of Azure AD, Windows Server (if relevant), and any other related software or services are you using? Version differences can affect compatibility and functionality.

Troubleshooting Attempts: Have you conducted any tests to isolate the problem? For example, changing the attribute mappings, using different values for the attributes, or testing with a smaller data set.

Consulted Documentation: Have you reviewed the official Microsoft documentation for API Driven Provisioning setup? Sometimes issues arise due to recent changes in best practices or documentation.

With this additional information, I can provide a more accurate response and, if possible, specific solutions. In the meantime, I suggest reviewing Microsoft's official documentation on Azure Active Directory and API Driven Provisioning to ensure all configuration steps have been correctly implemented.

Answer 1

Givary-MSFT 35,606 Microsoft Employee Moderator

@Mithunkumar Chopda Thank you for reaching out to us, apologies for the delayed response, did quick repro of this scenario id to objectguid attribute mapping, this mapping wont work as per my understanding objectguid value in on-premise AD is mechanically generated (each object in AD has unique object guid) - for example: you as the admin never state "I want this object to have this value for ObjectGuid/ObjectID/ID".

Hope this clarifies your query, if not happy to connect offline to discuss on this.

Let me know if you have any further questions, feel free to post back.

Mithunkumar Chopda 41 Reputation points

2024-01-17T14:01:28.54+00:00

@Givary-MSFT Thank you for the response. I agree we don’t control.the object guid in on-prem AD. In my case I am not syncing with on-prem. I am using inbound provisioning API application to provision directly in Entra ID only.

Share via

Is is possible to control the ObjectId assigned to Identity during Inbound API driven provisioning?

1 answer

Your answer