How to update Azure Marketplace to support complex custom attributes in SCIM provisioning

Vil-0670 20 Reputation points
2024-11-12T15:52:31.9866667+00:00

We have a gallery app listed on Azure Marketplace, which supports SCIM provisioning and would like to update it to support provisioning of a custom SCIM extension with a complex attribute like so:

{
	"schemas":[ "urn:ietf:params:scim:schemas:core:2.0:User"],
	"urn:ietf:params:scim:schemas:extension:customExtension:2.0:User": {
    	"customAttributes": {
        	"job_code": "PM123456"
			"job_family": "Support"
    	}
	}
}

This documentation suggests that "Custom multi-value and complex-typed extension attributes are currently supported only for applications in the gallery." It also seems that update requests to Microsoft Entra app gallery are now handled on a case by case basis according to this page.
This seems to work with update requests (PUT/PATCH) when using dot-notation, however does not work for create requests (POST). Does anyone know how this should be structured in Entra provisioning schema so it works for both update and create requests?

For context - we've tried adding a custom attribute mapping using dot notation (urn:ietf:params:scim:schemas:extension:customExtension:2.0:User:customAttributes.job_code) which returned the following:

{
	"schemas"
	"urn:ietf:params:scim:schemas:extension:customExtension:2.0:User"
	{
		"customAttributes":"PM123456"
	}
}

as well as using colon sub-attribute (urn:ietf:params:scim:schemas:extension:customExtension:2.0:User:customAttributes:job_code) to define the mapping - this was closer, but still not the expected structure:

{
	"schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User"],
	"urn:ietf:params:scim:schemas:extension:customExtension:2.0:User:customAttributes":
	{
    	"job_code": "PM123456"
	}
}
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,501 questions
0 comments No comments
{count} votes

Accepted answer
  1. Danny Zollner 10,486 Reputation points Microsoft Employee
    2024-11-12T18:28:48.98+00:00

    Custom attributes that are complex and/or multi-valued are not supported, as you saw in the documentation.

    Unsupported doesn't always mean that something won't work at all, but that it isn't something that is validated in design/testing. That is the cause of the inconsistent behavior you have described.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.