This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 16%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFA%3C/text%3E%3C/svg%3E)
we built Azure integration with AWS console by creating new app inside the enterprise application in azure and we started assigning users to this newly created enterprise application. We noticed that very few users were synced to AWS and then stopped with a failure. When we used provision on demand we can see in the logs the following error:
Provision urn:ietf:params:scim:schemas:extension:enterprise:2.0:User in customappsso
can somebody assist in resolving this issue?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 24%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Hello pls can you provide further details on the error for the non gallery app?
There is an AWS IAM/AWS SSO application in the Enterprise App Gallery - use that rather than the generic SCIM connector. It is configured to work with the AWS SCIM service without requiring adjustments to the configuration that using the generic SCIM connector will require.
Thank you Danny, we will try to do that. the weird thing that the error we faced is not clear. it seems something to do with the synced fields.
It's been a few years since this was a wider issue, but I'm assuming it's an error similar to this?
"status": "400",
"response":{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
"scimType":"invalidSyntax"
"detail":
"Request is unparsable, syntactically incorrect, or violates schema.",
"status":"400"
}
The above example is from the SCIM specification, but I believe the error message is the one that you may be seeing. In this specific case, AWS IAM/SSO's SCIM server only supports certain core SCIM attributes, and the default configuration of the generic SCIM connector you configured includes attributes that aren't supported.
As I mentioned - the AWS-specific SCIM connector on the Enterprise App is configured to only provision attributes that exist in AWS which prevents this problem.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 53%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKD%3C/text%3E%3C/svg%3E)
Hi Fadi,
Check the user attributes for the failed users, Mandatory attribute values should be present in the AAD for the failed users.
Compare both the provisioned and failed users to get the conclusion.