Why aren't custom attributes provisioned on POST request

vasko angeleski 1 Reputation point
2021-05-15T12:04:54.117+00:00

When mapping an Azure Active Directory attribute to a "customappsso Attribute" for user provisioning, as in the image below, the custom fields are not being sent in the POST request when creating the user in the target system. Why is this happening? The attributes which are not submitted on the POST requests are "imeto" and "prezimeto".
96884-screenshot-1.jpg

The custom attributes are submitted on a second PATCH request via an "Add" operation, and regardless of the response, it is never taken into consideration, which means the same PATCH request will be submitted on the next provisioning by demand or the normal cycle of provisioning. How can I alter this behavior so the customappsso attributes are in the first POST request?


2 answers

  1. Danny Zollner 10,801 Reputation points Microsoft Employee Moderator
    2021-05-19T17:17:00.753+00:00

    You cannot add attributes in the way you are doing so currently. You need to add the target attribute using a full SCIM URN, as outlined in https://datatracker.ietf.org/doc/html/rfc7643#section-10.2.1

    The specific example I am referring to is:

    Declaration of Syntactic Structure:
    The Namespace Specific String (NSS) of all URNs that use the "scim" Namespace ID shall have the following structure: urn:ietf:params:scim:{type}:{name}{:other}

    Ideally you should not be seeing this work in any scenario, but the fact it is working at all is an unintended thing due to the fact that the code for us generating a POST is different than the code where we generate a PATCH. Your current attribute additions are not supported as they are not using a SCIM-compliant attribute naming convention.

    1 person found this answer helpful.
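As an added illustration of the naming rule in this answer (not code from the thread or from Microsoft): a check that flags mapping targets lacking a SCIM URN, and the user resource that results when the two attributes are named under an extension schema, laid out as RFC 7643 describes for schema extensions. The extension name `contoso` and the sample values are constructed.

```python
import re

# Structure from RFC 7643 section 10.2.1: urn:ietf:params:scim:{type}:{name}{:other}
SCIM_URN = re.compile(r"^urn:ietf:params:scim:[A-Za-z0-9]+:[^:\s]+(:[^:\s]+)*$")
# Attribute name grammar from RFC 7643 section 2.1: ALPHA *( "$" / "-" / "_" / DIGIT / ALPHA )
ATTRNAME = re.compile(r"^[A-Za-z][A-Za-z0-9$_-]*$")
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
# Constructed extension schema; "contoso" is a placeholder, not a name from the thread.
EXT = "urn:ietf:params:scim:schemas:extension:contoso:2.0:User"


def split_target_attribute(target):
    """Split '<schema URN>:<attribute>' into its two parts, or raise ValueError."""
    schema, sep, attr = target.rpartition(":")
    if not sep or not SCIM_URN.match(schema) or not ATTRNAME.match(attr):
        raise ValueError(f"not a fully qualified SCIM attribute: {target!r}")
    return schema, attr


def audit_mappings(targets):
    """Return the custom target attribute names that lack a SCIM URN."""
    bad = []
    for target in targets:
        try:
            split_target_attribute(target)
        except ValueError:
            bad.append(target)
    return bad


def build_user_resource(core, custom):
    """Build the user resource a create request would carry."""
    resource = {"schemas": [CORE_USER], **core}
    for target, value in custom.items():
        schema, attr = split_target_attribute(target)
        if schema == CORE_USER:
            resource[attr] = value  # core attributes stay at the top level
            continue
        if schema not in resource["schemas"]:
            resource["schemas"].append(schema)  # advertise the extension in use
        resource.setdefault(schema, {})[attr] = value  # nest under the schema URN
    return resource


if __name__ == "__main__":
    import json
    print(audit_mappings(["imeto", "prezimeto", EXT + ":imeto"]))
    print(json.dumps(build_user_resource(
        {"userName": "ana@example.com"},
        {EXT + ":imeto": "Ana", EXT + ":prezimeto": "Petrova"}), indent=2))
```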

  2. JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator
    2021-05-18T21:55:14.727+00:00

    @vasko angeleski
    Thank you for your post!

    From your description, it sounds like you've created custom attributes within AzureAD (imeto and prezimeto), but these aren't syncing to users that are created within the Target system until after a second PATCH call.

    From our "How provisioning works" documentation, it seems like the provisioning service is working as expected since it will query the Source system, sync changes through the AzureAD Provisioning service, to the Target system - Provisioning cycles: Initial and incremental.
    97620-image.png

    Since you're creating users within the Target system, this could be why you're running into a sync issue until a PATCH call is made.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
