Entra ID custom schema attribute with object instead of string

Question

Entra ID custom schema attribute with object instead of string

Scott Beam 0

i'm trying to map a custom schema attribute as an object instead of a string. this works in the core schema by just putting in "name.firstName" but I can not get the dot notation to work with custom schema such as "urn:ietf:params:scim:schemas:extension:contoso:2.0:User:name.firstName". i can get ""urn:ietf:params:scim:schemas:extension:contoso:2.0:User:name" to work fine, but i can not get a firstname to map under that.

ie, what i am desiring

"urn:ietf:params:scim:schemas:extension:contoso:2.0:User":

{

"name":{"firstname":"fred" }

}

Akhilesh Vallamkonda 15,340 Reputation points Moderator

2024-04-22T13:24:20.2433333+00:00

Hi @Scott Beam
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Akhilesh Vallamkonda 15,340 Reputation points Moderator

2024-04-24T02:31:51.26+00:00

Hi @Scott Beam
Just checking in to see if the below answer provided is helped.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

1 answer

Your answer

Akhilesh Vallamkonda 15,340 Reputation points Moderator

2024-04-22T13:24:20.2433333+00:00

Hi @Scott Beam
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Akhilesh Vallamkonda 15,340 Reputation points Moderator

2024-04-24T02:31:51.26+00:00

Hi @Scott Beam
Just checking in to see if the below answer provided is helped.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer 1

Danny Zollner 10,816 Microsoft Employee Moderator

Entra ID App Provisioning does not support custom SCIM attributes that are complex or multi-valued. They can generally be supported for gallery applications with custom SCIM-based provisioning connectors built into the Enterprise Application, but are not supported for custom attributes added manually to the schema of provisioning jobs.

This is publicly documented here: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/customize-application-attributes#provisioning-a-custom-extension-attribute-to-a-scim-compliant-application

Custom attributes can't be referential attributes, multi-value, or complex-typed attributes. Custom multi-value and complex-typed extension attributes are currently supported only for applications in the gallery.

Scott Beam 0 Reputation points

2024-04-17T17:37:35.9633333+00:00

followup question now if you don't mind.

"They can generally be supported for gallery applications with custom SCIM-based provisioning connectors built into the Enterprise Application"

from what i can find, you have to build the application and test it first, before it can be promoted to be a 'gallery' app. So how can i map customer complex attributes if it's not yet a gallery app? Feels like i'm stuck in a loop
Danny Zollner 10,816 Reputation points Microsoft Employee Moderator

2024-04-17T17:46:22.77+00:00

The testing happens as part of the submission process. It's a case-by-case thing, the structure of the complex objects/values is relevant to whether or not it can be supported and functional in a gallery app.

Prior to submitting the gallery app integration request, you can't test custom complex/multi-valued attributes in a non-gallery generic SCIM app.

Share via

Entra ID custom schema attribute with object instead of string

1 answer

Your answer