Azure SCIM - Group members are not sent from Azure during group provisioning

Samadhan Salagar 5 Reputation points
2024-09-19T04:22:53.6166667+00:00

I am performing SCIM provisioning from Azure and have mapped the default attributes in the attribute mapping settings. I added 5 users to the "devtestgroup", but when sending the requests, Azure is only sending the externalId and displayName, and not the members.

MappingCapture

MembersScreenshot 2024-09-19 095105

Here Members are sent empty

Screenshot 2024-10-16 150418

Could someone help me with the same?


2 answers

  1. Givary-MSFT 32,751 Reputation points Microsoft Employee
    2024-09-26T06:11:41.9233333+00:00

    @Samadhan Salagar Apologies for the delayed response. Does the issue still persist? If the issue still persists, I would like to have this info to begin with.
    As far as I am aware, a user can only be added to a group if it is successfully being provisioned from source -> target via AAD Provisioning. Also, groups are created with an empty members list, and the members will only be pushed once the group is successfully created in the target.

    Refer to these docs on how provisioning works:

    https://learn.microsoft.com/en-us/entra/identity/app-provisioning/how-provisioning-works#initial-cycle

    https://learn.microsoft.com/en-us/entra/identity/app-provisioning/use-scim-to-provision-users-and-groups#group-operations

    Hope the above information helps to isolate your issue. If you have any questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.

  2. Danny Zollner 10,061 Reputation points Microsoft Employee
    2024-09-26T21:59:16.1+00:00

    Members are not added on creation of groups, only as an update after the creation. The Entra ID provisioning service is returning an error message as seen in the screenshot you provided, and that error is because the "success" response to the SCIM POST (create) request is invalid - the "id" attribute returned for the group is null, and all objects in SCIM must have an id value. As the group that was "created" is invalid, no updates can be sent, and therefore you will not see attempts to add members.

    To resolve the set of issues you are seeing, the SCIM server needs to be fixed to return a unique and immutable "id" value for each group and user.

    1 person found this answer helpful.
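The create-then-update sequence both answers describe, as an added example that is not part of the original thread or Microsoft's code: a hypothetical in-memory SCIM group store in Python that assigns the "id" on create, accepts members only through a later PATCH, and includes a check that flags a create response with a null "id". The class and function names, the externalId and the member value are assumptions made for illustration.

```python
import uuid

GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"

class GroupStore:
    """Hypothetical in-memory stand-in for a SCIM server's /Groups endpoint."""
    def __init__(self):
        self.groups = {}

    def create(self, body):
        """POST /Groups: the client sends no members yet; the server assigns the id."""
        group_id = str(uuid.uuid4())  # unique, and never changed after creation
        group = {"schemas": [GROUP_SCHEMA], "id": group_id,
                 "externalId": body.get("externalId"),
                 "displayName": body["displayName"], "members": []}
        self.groups[group_id] = group
        return 201, group

    def patch(self, group_id, body):
        """PATCH /Groups/{id}: members arrive here, addressed by the id from create."""
        group = self.groups.get(group_id)
        if group is None:
            return 404, None
        known = {m["value"] for m in group["members"]}
        for op in body.get("Operations", []):
            if str(op.get("op", "")).lower() == "add" and op.get("path") == "members":
                for member in op.get("value", []):
                    if member["value"] not in known:
                        known.add(member["value"])
                        group["members"].append({"value": member["value"]})
        return 200, group

def create_response_problems(status, resource):
    """List the defects that make a create response unusable for later updates."""
    problems = []
    if status != 201:
        problems.append("status is not 201 Created")
    group_id = (resource or {}).get("id")
    if not isinstance(group_id, str) or not group_id.strip():
        problems.append("id is missing, null or empty")
    return problems

def demo():
    """Constructed request bodies; the externalId and member value are made up."""
    store = GroupStore()
    status, created = store.create({"schemas": [GROUP_SCHEMA],
                                    "externalId": "constructed-external-id",
                                    "displayName": "devtestgroup"})
    add = {"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
           "Operations": [{"op": "Add", "path": "members",
                           "value": [{"value": "constructed-user-id"}]}]}
    _, patched = store.patch(created["id"], add)
    return create_response_problems(status, created), patched["members"]
```

Running `create_response_problems` against a captured create response from the real server is a quick way to confirm whether the null "id" condition is present before looking at member updates.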
