What can cause the "Job does not include the rule" exception when provisioning users on demand?

Geoffrey van Wyk 21 Reputation points
2021-07-07T07:00:55.137+00:00

This error sometimes occurs when provisioning on demand is performed by a partner company from their Active Directory to one of our web applications. It has not happened in our own instance.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,290 questions
0 comments No comments
{count} votes

Accepted answer
  1. VipulSparsh-MSFT 16,236 Reputation points Microsoft Employee
    2021-07-08T12:21:08.567+00:00

    @Geoffrey van Wyk The most common reason for this that I can think of is in a scenario like this :

    Azure AD connect is syncing users from on prem AD to AAD and source of Authority is Window server AD.

    When the provisioning service lets say for example workday tries to sync the user to AAD it can not update it and which then results in this issue.
    It issue can be resolved by changing the scope of users being provisioned from workday to AAD by using the scoping filters (e.g. cost center and employee id or set mapping for unique attribute like dirSync)

    Check something for that application and how they are scoping it.
    Here is a attribute mapping link for Workday as a sample : https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-cloud-only-tutorial#part-2-configure-workday-and-azure-ad-attribute-mappings

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.


0 additional answers

Sort by: Most helpful