I don't think Azure AD Provisioning allows sending any other attribute for manager except id. Let me confirm and come back on this.
SCIM user provisioning setup with manager attribute
Hello, I am trying to get the correct setup for the 'manager' attribute that comes from the SCIM protocol, enterprise user extension.
According to the SCIM protocol, this is a complex type attribute with 3 sub-attributes: 'value', '$ref', and read-only 'displayName'. But the default setup from Azure AD actually sends manager as a simple attribute:
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager": "user-id".
Is there a way to get the setup that follows the SCIM specification and sends "manager" with "value" and "$ref"?
Regards
8 answers
-
Abhijeet-MSFT 546 Reputation points Microsoft Employee
2020-12-07T01:17:23.557+00:00 -
Abhijeet-MSFT 546 Reputation points Microsoft Employee
2020-12-10T09:34:44.927+00:00 Hi @Stefan Vuckovic, The SCIM RFC 4.3 does not require any of these attributes to be mandatory, as such we are only sending ID at the moment. Long term we may have a plan to send manager with value but currently there is no way to achieve it.
-
Steve Jerman 1 Reputation point
2021-09-02T18:10:30.207+00:00 Has there been any progress on this? The application obviously doesn't comply with the spec. I'm struggling to see a solution that doesn't break other users of my SCIM API.
I've been trying to hack my way around the issue. How can I add a custom attribute? For example, if I can add:
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:managerId
I can add that parameter to my SCIM schema and just deal with the consequences.
Steve
-
AV 1 Reputation point
2021-09-02T20:29:54.39+00:00 Is there a known custom expression to set as the custom Azure attribute so we can use urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.displayName?
@Abhijeet-MSFT -
Steve Jerman 1 Reputation point
2021-12-10T11:30:37.873+00:00 Hello. For those coming to this answer again, I ran into another issue with the manager attribute today. When Azure sends the manager attribute they break the spec as per the discussion above. However, when they read the data back they expect the correct format! i.e. manager.value.
To reproduce just use the 'Provision on demand' function... run it twice and you will see the issue.
I just wasted a morning on this. Who has different models for serialization and deserialization?
Steve
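
An added example, not part of the thread and not Azure AD's or any product's code: one way a SCIM server could cope with the mismatch described above, accepting `manager` either as the plain string shown in the question or as the complex form, and always returning the complex form so that `manager.value` is present on read-back. The function names, the relative `$ref` layout and the sample ids are assumptions made for illustration.

```python
from urllib.parse import quote

ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
FLAT_MANAGER_KEY = ENTERPRISE + ":manager"  # flattened form quoted in the question


def normalize_manager(raw):
    """Return the manager id from either wire form, or None if absent."""
    if raw is None or raw == "":
        return None
    if isinstance(raw, str):            # simple form: "manager": "user-id"
        return raw
    if isinstance(raw, dict):           # complex form: {"value": ..., "$ref": ...}
        value = raw.get("value")
        return value if isinstance(value, str) and value else None
    raise ValueError("unsupported manager representation: " + type(raw).__name__)


def extract_manager_id(user):
    """Find the manager id in an inbound user payload (dict parsed from JSON)."""
    if FLAT_MANAGER_KEY in user:
        return normalize_manager(user[FLAT_MANAGER_KEY])
    ext = user.get(ENTERPRISE)
    if not isinstance(ext, dict):
        return None
    return normalize_manager(ext.get("manager"))


def serialize_manager(manager_id, display_name=None):
    """Always emit the complex form on output so readers find manager.value."""
    if manager_id is None:
        return None
    # Assumption: $ref is relative to the user resource; the id is
    # percent-encoded so an odd id cannot change the URI's path structure.
    out = {"value": manager_id, "$ref": "../Users/" + quote(manager_id, safe="")}
    if display_name:
        out["displayName"] = display_name  # read-only sub-attribute, set by the server
    return out


# Constructed sample payloads (ids are placeholders, not real values).
SIMPLE = {FLAT_MANAGER_KEY: "mgr-001"}
COMPLEX = {ENTERPRISE: {"manager": {"value": "mgr-001", "$ref": "../Users/mgr-001"}}}

if __name__ == "__main__":
    for payload in (SIMPLE, COMPLEX):
        print(serialize_manager(extract_manager_id(payload)))
```

Keeping one internal representation (the bare id) and converting only at the edges means existing clients that send the complex form are unaffected.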