I don't think Azure AD Provisioning allows sending any other attribute for manager except id. Let me confirm and come back on this.
SCIM user provisioning setup with manager attribute
Hello, I am trying to get the correct setup for the 'manager' attribute that comes from the SCIM protocol, enterprise user extension.
According to the SCIM protocol, this is a complex type attribute with 3 sub-attributes: 'value', '$ref', and read-only 'displayName'. But the default setup from Azure AD actually sends manager as a simple attribute:
Is there a way to get the setup that follows the SCIM specification and sends "manager" with "value" and "$ref"?
Hi @Stefan Vuckovic, the SCIM RFC 4.3 does not require any of these attributes to be mandatory, as such we are only sending ID at the moment. Long term we may have a plan to send manager with value but currently there is no way to achieve it.
@David L - you are entirely correct.
The Azure AD implementation is obviously not adhering to the spec.
@Abhijeet-MSFT : "The SCIM RFC 4.3 does not require any of these attributes to be mandatory, as such we are only sending ID at the moment." - yes, but you are doing so incorrectly. From the spec:-
The user's manager. A complex type that optionally allows service
providers to represent organizational hierarchy by referencing the
"id" attribute of another User.
It's not good for SCIM service providers to have to implement it the correct way for conformant clients, and incorrectly for AD.
Have you or would you please create a ticket for this to be fixed?
Acknowledging that this is implemented incorrectly by Azure AD's SCIM client. It isn't something that can be fixed overnight however as unfortunately our incorrect implementation has led to some SCIM implementations taking a dependency on this. This is on a list of SCIM client compliance issues that we're hoping to address in the next 3-6 months, at which point we will release another flag similar to aadOptScim062020 (see: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/application-provisioning-config-problem-scim-compatibility#flags-to-alter-the-scim-behavior).
Today there is not a supported workaround to flow manager as a complex attribute as we don't support customized referential attributes, customized complex attributes or changing behavior for core SCIM/enterprise extension attributes.
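A SCIM service provider that has to accept both shapes discussed in this thread (manager as a simple attribute carrying only the id, and manager as the complex type with 'value' and '$ref') can normalize on input. The sketch below is an added example, not code from any poster or from Microsoft; the base URL, ids, sample payloads and function names are constructed assumptions.

```python
from urllib.parse import quote

ENTERPRISE_URN = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
BASE_URL = "https://scim.example.com/v2"  # assumption: hypothetical provider base URL

# Constructed sample: manager sent as a simple string holding only the id.
SIMPLE_FORM = {"userName": "alice", ENTERPRISE_URN: {"manager": "mgr-0001"}}
# Constructed sample: manager sent as the complex type from the SCIM spec.
COMPLEX_FORM = {"userName": "alice", ENTERPRISE_URN: {"manager": {
    "value": "mgr-0001",
    "$ref": "https://other.example.net/Users/someone-else",
    "displayName": "Client Supplied Name",
}}}


class ManagerFormatError(ValueError):
    """The manager attribute has a shape this provider refuses to store."""


def normalize_manager(resource, base_url=BASE_URL):
    """Return {'value', '$ref'} for either wire form, or None if no manager is set."""
    ext = resource.get(ENTERPRISE_URN)
    if ext is None:
        return None
    if not isinstance(ext, dict):
        raise ManagerFormatError("enterprise extension must be an object")
    raw = ext.get("manager")
    if raw is None:
        return None
    if isinstance(raw, str):        # simple form: the string is the manager's id
        manager_id = raw
    elif isinstance(raw, dict):     # complex form: the id is in 'value'
        manager_id = raw.get("value")
    else:
        raise ManagerFormatError(f"unsupported manager type: {type(raw).__name__}")
    if not isinstance(manager_id, str) or not manager_id.strip():
        raise ManagerFormatError("manager carries no usable id")
    manager_id = manager_id.strip()
    # Rebuild '$ref' from the id instead of trusting the client's URL, and drop
    # 'displayName', which is read-only and must come from the provider's own data.
    return {"value": manager_id,
            "$ref": f"{base_url}/Users/{quote(manager_id, safe='')}"}


if __name__ == "__main__":
    print(normalize_manager(SIMPLE_FORM))
    print(normalize_manager(COMPLEX_FORM))
```

The provider should still check that the resulting id resolves to an existing User in the same tenant before storing the reference.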