This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 77%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV0%3C/text%3E%3C/svg%3E)
We have a gallery app listed on Azure Marketplace, which supports SCIM provisioning and would like to update it to support provisioning of a custom SCIM extension with a complex attribute like so:
{
"schemas":[ "urn:ietf:params:scim:schemas:core:2.0:User"],
"urn:ietf:params:scim:schemas:extension:customExtension:2.0:User": {
"customAttributes": {
"job_code": "PM123456"
"job_family": "Support"
}
}
}
This documentation suggests that "Custom multi-value and complex-typed extension attributes are currently supported only for applications in the gallery." It also seems that update requests to Microsoft Entra app gallery are now handled on a case by case basis according to this page.
This seems to work with update requests (PUT/PATCH) when using dot-notation, however does not work for create requests (POST). Does anyone know how this should be structured in Entra provisioning schema so it works for both update and create requests?
For context - we've tried adding a custom attribute mapping using dot notation (urn:ietf:params:scim:schemas:extension:customExtension:2.0:User:customAttributes.job_code) which returned the following:
{
"schemas"
"urn:ietf:params:scim:schemas:extension:customExtension:2.0:User"
{
"customAttributes":"PM123456"
}
}
as well as using colon sub-attribute (urn:ietf:params:scim:schemas:extension:customExtension:2.0:User:customAttributes:job_code) to define the mapping - this was closer, but still not the expected structure:
{
"schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User"],
"urn:ietf:params:scim:schemas:extension:customExtension:2.0:User:customAttributes":
{
"job_code": "PM123456"
}
}
A cloud-based identity and access management service for securing user authentication and resource access
Answer accepted by question author
Custom attributes that are complex and/or multi-valued are not supported, as you saw in the documentation.
Unsupported doesn't always mean that something won't work at all, but that it isn't something that is validated in design/testing. That is the cause of the inconsistent behavior you have described.
I appreciate it's not supported for non-gallery applications, but the documentation seems to suggest that it's still supported for gallery applications:> "Custom multi-value and complex-typed extension attributes are currently supported only for applications in the gallery."
We do have a gallery application, but not sure how to update it, since updates are now only processed on a case-by-case basis due to focus shifting towards Secure Future Initiative. Is there a support contact we could reach out for help with updating our listing?
I see how the current wording in the documentation is ambiguous. For reference:
Custom multi-value and complex-typed extension attributes are currently supported only for applications in the gallery.
This should read more like:
Custom multi-value and complex-typed extension attributes are currently supported only when they are included in the default schema for applications in the gallery.
To your question on how to update the current gallery application, you can still submit an update request via the Microsoft Application Network submission form, but that request will not be processed in the near future. I am the right person to talk to about this - I'll reach out via a direct message here on Q&A to share my email address with you.