Azure AD SCIM attribute mapping not working for NON_GALLERY applications

Question

Hi,

I'm not able to configure the attribute mapping in Azure AD for existing Application.

Reference link: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes

As per the reference link I'm not getting this option instead I'm getting an error as "Application mappings are not valid.".

This is a NON-Gallery Application just configured for user provisioning to custom application. Till 19th-March I was easily able to configure it but now it's not working not for one tenant but for multiple tenant around 5-6 tenant it's the same error.

Also now I don't see the option to force sync in SCIM, earlier there was an option Just under provisioning on/off setting to check mark "clear current state and restart synchronization" (https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/configure-automatic-user-provisioning-portal#settings)

Answer 1

Hi Team,

I got to figure out what was the issue and it was a change which recently been pushed by Microsoft. Mapping error “Application mappings are not valid” which is not allowing the users to sync.

Issue had recently popped up due to some back end new patch update at Microsoft end which is not allowing to map Primary key attribute “ID”. Now when we are trying to map the attribute it’s not working. Getting below error:

Checked MS documentation(https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#step-2-understand-the-azure-ad-scim-implementation) it says ID is a required property now. Earlier I could map this TargetAttribute (ID) with SourceAttribute (OriginalUserPrincipalName)

After restoring the mapping and assigning with some other custom attribute the issue seems to be resolved.