What can cause the "Job does not include the rule" exception when provisioning users on demand?

Question

This error sometimes occurs when provisioning on demand is performed by a partner company from their Active Directory to one of our web applications. It has not happened in our own instance.

Answer 1

@Geoffrey van Wyk The most common reason for this that I can think of is in a scenario like this :

Azure AD connect is syncing users from on prem AD to AAD and source of Authority is Window server AD.

When the provisioning service lets say for example workday tries to sync the user to AAD it can not update it and which then results in this issue.
It issue can be resolved by changing the scope of users being provisioned from workday to AAD by using the scoping filters (e.g. cost center and employee id or set mapping for unique attribute like dirSync)

Check something for that application and how they are scoping it.
Here is a attribute mapping link for Workday as a sample : https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-cloud-only-tutorial#part-2-configure-workday-and-azure-ad-attribute-mappings

-----------------------------------------------------------------------------------------------------------------

If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.