Hello,
I'm trying to provision users with our SCIM custom application using Azure AD automatic provisioning. So far I managed to configure the creation of the user and the assignment of the groups based on the assignments done in the Enterprise Application.
The issue I have now is with the roles mapping.
I followed the indications of this tutorial: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes
- I modified the manifest and added the roles
- I assigned the roles to the users in the Enterprise Application
- I added a new mapping under the user mappings as described in the procedure
![39679-image.png][1]
Where roles is an attribute that I added manually and is of type String.
In the procedure it says that the JSON output I should expect is something like this:
```json
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "externalId": "alias",
  "userName": "alias@Company portal .OnMicrosoft.com",
  "active": true,
  "displayName": "First Name Last Name",
  "meta": {
    "resourceType": "User"
  },
  "roles": [
    {
      "primary": false,
      "type": "WindowsAzureActiveDirectoryRole",
      "display": "Admin",
      "value": "Admin"
    },
    {
      "primary": false,
      "type": "WindowsAzureActiveDirectoryRole",
      "display": "User",
      "value": "User"
    }
  ]
}
```
Which is what my application expects to receive. This is actually what is sent to my app when first creating the user. However, when doing a PATCH operation to update the user roles, this is what I got:
```json
{
  "schemas": [
    "urn:ietf:Params:Scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "Add",
      "path": "roles",
      "value": [
        {
          "value": "{\"id\":\"05b07648-ecfe-489f-8d2f-6325724a46fe\",\"value\":\"25\",\"displayName\":\"Role1234\"}"
        },
        {
          "value": "{\"id\":\"18d14569-c3bd-439b-9a66-3a2aee01d14f\",\"value\":\"22\",\"displayName\":\"user\"}"
        }
      ]
    }
  ]
}
```
As you can see, the values of the roles are not being passed as an array of objects but rather as values of a String. As a result, my application returns a 500 error because it cannot parse the reply.
Could you please advise how to get something like the following for when patching the user?
```json
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "value": {
        "roles": [
          {
            "value": "1",
            "display": "System Admin"
          }
        ]
      }
    }
  ]
}
```
Thanks for your help.
Nicolas.-
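
One way a SCIM endpoint could accept both PATCH shapes shown in the post above and reject malformed role entries with a validation error instead of an unhandled exception. This is an added example, not part of the original post and not Microsoft's code; the function names and the normalized `{"value", "display"}` output shape are assumptions.

```python
import json

# Constructed sample: the PATCH body from the post, with JSON-encoded role values.
SAMPLE_PATCH = {
    "schemas": ["urn:ietf:Params:Scim:api:messages:2.0:PatchOp"],
    "Operations": [{"op": "Add", "path": "roles", "value": [
        {"value": json.dumps({"id": "05b07648-ecfe-489f-8d2f-6325724a46fe",
                              "value": "25", "displayName": "Role1234"})},
        {"value": json.dumps({"id": "18d14569-c3bd-439b-9a66-3a2aee01d14f",
                              "value": "22", "displayName": "user"})},
    ]}],
}

def role_from_item(item):
    """Normalize one roles element to {'value', 'display'} (hypothetical helper)."""
    if not isinstance(item, dict):
        raise ValueError("role entry must be an object")
    raw, display = item.get("value"), item.get("display")
    # Shape from the post: "value" is itself a JSON-encoded object.
    if isinstance(raw, str) and raw.lstrip().startswith("{"):
        try:
            inner = json.loads(raw)
        except json.JSONDecodeError as exc:
            raise ValueError("role value is not valid JSON") from exc
        raw, display = inner.get("value"), inner.get("displayName")
    if not isinstance(raw, str) or not raw:
        raise ValueError("role entry has no usable value")
    return {"value": raw, "display": display if isinstance(display, str) else raw}

def roles_from_patch(body):
    """Collect roles from 'add' operations, with or without a 'path'."""
    roles = []
    for op in body.get("Operations", []):
        if not isinstance(op, dict) or str(op.get("op", "")).lower() != "add":
            continue
        value = op.get("value")
        if str(op.get("path", "")).lower() == "roles":
            items = value                      # path-style: value is the array
        elif "path" not in op and isinstance(value, dict):
            items = value.get("roles", [])     # pathless: value wraps the array
        else:
            continue
        if not isinstance(items, list):
            raise ValueError("roles must be an array")
        roles.extend(role_from_item(i) for i in items)
    return roles
```

A handler would catch `ValueError` and answer with HTTP 400 rather than 500, and should still check each returned role value against the roles the application actually defines before granting anything.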