SCIM user provisioning setup with manager attribute

Stefan Vuckovic 26 Reputation points

Hello, I am trying to get the correct setup for the 'manager' attribute that comes from the SCIM protocol, enterprise user extension.
According to the SCIM protocol, this is a complex type attribute with 3 sub-attributes: 'value', '$ref', and read-only 'displayName'. But the default setup from Azure AD actually sends manager as a simple attribute:
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager": "user-id".

Is there a way to get the setup that follows the SCIM specification and sends "manager" with "value" and "$ref"?


Azure Active Directory

8 answers

  1. Abhijeet-MSFT 531 Reputation points Microsoft Employee

    I don't think Azure AD Provisioning allows sending any other attribute for manager except id. Let me confirm and come back on this.


  2. Abhijeet-MSFT 531 Reputation points Microsoft Employee

    Hi @Stefan Vuckovic, the SCIM RFC 4.3 does not require any of these attributes to be mandatory; as such, we are only sending ID at the moment. Long term we may have a plan to send manager with value, but currently there is no way to achieve it.

  3. Steve Jerman 1 Reputation point

    Has there been any progress on this? The application obviously doesn't comply with the spec. I'm struggling to see a solution that doesn't break other users of my SCIM API.

    I've been trying to hack my way around the issue. How can I add a custom attribute? For example, if I can add:


    I can add that parameter to my SCIM schema and just deal with the consequences.



  4. AV 1 Reputation point

    Is there a known custom expression to set as the custom Azure attribute so we can use urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.displayName?


  5. Steve Jerman 1 Reputation point

    Hello. For those coming to this answer again, I ran into another issue with the manager attribute today. When Azure sends the manager attribute they break the spec as per the discussion above. However, when they read the data back they expect the correct format! i.e. manager.value.

    To reproduce just use the 'Provision on demand' function... run it twice and you will see the issue.

    I just wasted a morning on this. Who has different models for serialization and deserialization?


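One way a SCIM service provider can tolerate the mismatch discussed in this thread: accept `manager` as either the simple string or the complex object on input, and always return the complex form with `value` and `$ref`. This is an added example, not code from any poster or from Azure AD; the function names, `BASE_URL`, and the sample payloads are assumptions constructed for illustration.

```python
from urllib.parse import quote

ENTERPRISE_URN = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
FLAT_MANAGER_KEY = ENTERPRISE_URN + ":manager"  # simple form quoted in the question
BASE_URL = "https://scim.example.test/v2"  # assumption: placeholder service base URL


def extract_manager_id(payload):
    """Return the manager id from either wire form, or None if absent or cleared."""
    if FLAT_MANAGER_KEY in payload:
        raw = payload[FLAT_MANAGER_KEY]
    else:
        ext = payload.get(ENTERPRISE_URN)
        if not isinstance(ext, dict) or "manager" not in ext:
            return None
        raw = ext["manager"]
    if isinstance(raw, dict):  # spec form: {"value": ..., "$ref": ..., "displayName": ...}
        raw = raw.get("value")
    if raw is None or raw == "":
        return None
    if not isinstance(raw, str):
        raise ValueError("manager must be a string id or an object with a string 'value'")
    return raw


def serialize_manager(manager_id, display_names):
    """Always emit the complex form; displayName is read-only, so it comes from our store."""
    out = {
        "value": manager_id,
        "$ref": f"{BASE_URL}/Users/{quote(manager_id, safe='')}",
    }
    if manager_id in display_names:
        out["displayName"] = display_names[manager_id]
    return out


def round_trip(payload, display_names):
    """Parse an inbound payload, then return what a later GET would contain for manager."""
    manager_id = extract_manager_id(payload)
    return None if manager_id is None else serialize_manager(manager_id, display_names)


# Constructed sample inputs (not captured traffic).
SIMPLE = {FLAT_MANAGER_KEY: "user-id"}
COMPLEX = {ENTERPRISE_URN: {"manager": {"value": "user-id", "displayName": "ignored"}}}
NAMES = {"user-id": "Constructed Manager"}

if __name__ == "__main__":
    print(round_trip(SIMPLE, NAMES))
    print(round_trip(COMPLEX, NAMES))
```

Because both inbound forms reduce to the same stored id, other SCIM clients that already send `manager.value` keep working, and a client-supplied `displayName` is never trusted.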