Want to provision only users which are added/removed in the Groups(either security or microsoft 365) to the provisioning application and not other users, can this be possible?

Question

Want to provision only users which are added/removed in the Groups(either security or microsoft 365) to the provisioning application and not other users, can this be possible?

Roshan Kumawat 0

I want to provision only users who are added/Removed in the Group(Either security or Microsoft 365) using the "Provision Microsoft Entra ID Groups" with the scope filter based on the display name and don't want to provision other users on the application which are not part of those Groups can this be possible?
Can we disable this setting "Provision Microsoft Entra ID Users" on Azure?

Currently, it has been observed that all users from Azure ad are getting provisioned in the target application apart from the users in that Group (either security or Microsoft 365).

Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator

2024-04-12T22:47:55.5366667+00:00

@Roshan Kumawat , Are you wanting to provision the the cloud groups? If so, only cloud created Security groups are supported for provisioning groups from Microsoft Entra ID to AD.

https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/how-to-configure-entra-to-active-directory
Navya 20,490 Reputation points Microsoft External Staff Moderator

2024-04-16T09:06:25.85+00:00

Hi @Roshan Kumawat

Following up to see if the above information was helpful or if you were able to resolve this issue? And, if you have any further query do let us know.
Roshan Kumawat 0 Reputation points

2024-04-16T12:44:14.3366667+00:00

I want to provision only the users to the provisioning application(for example ServiceNow) who are added/removed to Certain groups, and do not want to provision other users to the target application, can this be possible?
Roshan Kumawat 0 Reputation points

2024-04-17T12:23:10.06+00:00

Following up on the above questions?
Navya 20,490 Reputation points Microsoft External Staff Moderator

2024-04-24T04:06:21.1833333+00:00

Hi @Roshan Kumawat

Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.

1 answer

Your answer

Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator

2024-04-12T22:47:55.5366667+00:00

@Roshan Kumawat , Are you wanting to provision the the cloud groups? If so, only cloud created Security groups are supported for provisioning groups from Microsoft Entra ID to AD.

https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/how-to-configure-entra-to-active-directory
Navya 20,490 Reputation points Microsoft External Staff Moderator

2024-04-16T09:06:25.85+00:00

Hi @Roshan Kumawat

Following up to see if the above information was helpful or if you were able to resolve this issue? And, if you have any further query do let us know.
Roshan Kumawat 0 Reputation points

2024-04-16T12:44:14.3366667+00:00

I want to provision only the users to the provisioning application(for example ServiceNow) who are added/removed to Certain groups, and do not want to provision other users to the target application, can this be possible?
Roshan Kumawat 0 Reputation points

2024-04-17T12:23:10.06+00:00

Following up on the above questions?
Navya 20,490 Reputation points Microsoft External Staff Moderator

2024-04-24T04:06:21.1833333+00:00

Hi @Roshan Kumawat

Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.

Answer 1

Hi @Roshan Kumawat

Thank you for following up on this and I apologize for the delayed response!

I want to provision only the users to the provisioning application (for example ServiceNow) who are added/removed to Certain groups, and do not want to provision other users to the target application, can this be possible?

In application provision, we can use scope filters to scope users or groups. But unfortunately, the scoping filter IsMemberOf and members attribute on a group are not currently supported. So, it is not possible to provision only users who have been added or removed from specific groups in Azure AD to a provisioning application.

User's image

For your reference: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/define-conditional-rules-for-provisioning-user-accounts?pivots=app-provisioning#create-scoping-filters

Hope this helps. Do let us know if you any further queries.

Thanks,

Navya.

If the answer is helpful, please click "Accept Answer" and kindly upvote it.

Share via

Want to provision only users which are added/removed in the Groups(either security or microsoft 365) to the provisioning application and not other users, can this be possible?

1 answer

Your answer