AzureAD SCIM integration with Country Code field

ScimUser 1 Reputation point

I've configured Azure AD with my SCIM endpoint to provision users. My mapping definition includes mapping the country code from the Azure country to addresses[type eq "work"].country, but provisioning fails for users whose country code is more than two characters long (e.g. USA instead of US). The failure on the SCIM endpoint indicates the country code is too long.

I see the SCIM spec ( says the country code must be in ISO 3166-1 "alpha-2" code format, so the SCIM endpoint rejecting this user sounds correct.

How can I configure Azure AD to either:

  1. Convert the 3 char country code to 2 char for transmission via the SCIM protocol (preferred), or
  2. Not send the country code field for users whose country code value violates the SCIM spec?
Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,663 questions
{count} votes

1 answer

Sort by: Most helpful
  1. FrankHu-MSFT 971 Reputation points

    It looks like this is an issue that can be fixed either by changing the source data or config on your server side,

    Changing the source data part(values in AAD) is straightforward enough.
    If you would like implement logic that says "If a user has USA, send US, if they have CAN send CA, etc.." then you will need to do that yourself.

    You can use the Switch function for that.

    However there are no current built in methods in Azure for this right now. I apologize for the inconvenience, I suggest submitting your feedback in regards to this here : and if there's enough community support the product team will put this on the roadmap to implement in the future.

    0 comments No comments