What can cause the "Job does not include the rule" exception when provisioning users on demand?

Geoffrey van Wyk 21 Reputation points
2021-07-07T07:00:55.137+00:00

This error sometimes occurs when provisioning on demand is performed by a partner company from their Active Directory to one of our web applications. It has not happened in our own instance.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-07-08T12:21:08.567+00:00

    @Geoffrey van Wyk The most common reason for this that I can think of is a scenario like this:

    Azure AD Connect is syncing users from on-prem AD to AAD, and the source of authority is Windows Server AD.

    When the provisioning service (let's say, for example, Workday) tries to sync the user to AAD, it cannot update it, which then results in this issue.
    The issue can be resolved by changing the scope of users being provisioned from Workday to AAD by using the scoping filters (e.g. cost center and employee ID, or set a mapping for a unique attribute like dirSync).

    Check something for that application and how they are scoping it.
    Here is an attribute mapping link for Workday as a sample: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-cloud-only-tutorial#part-2-configure-workday-and-azure-ad-attribute-mappings

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.
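
A pre-flight check for the scenario in the accepted answer, as an added example that is not part of the original thread: it classifies users by source of authority and lists the ones a cloud provisioning job should scope out. The sample users are constructed in the shape of Microsoft Graph user objects; the `preflight` helper and the "employeeId must be set" scoping rule are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like Microsoft Graph output for
# GET /users?$select=userPrincipalName,employeeId,onPremisesSyncEnabled
SAMPLE_USERS = json.loads("""
[
  {"userPrincipalName": "alice@contoso.example", "employeeId": "1001",
   "onPremisesSyncEnabled": true},
  {"userPrincipalName": "bob@contoso.example", "employeeId": "1002",
   "onPremisesSyncEnabled": null},
  {"userPrincipalName": "carol@contoso.example", "employeeId": null,
   "onPremisesSyncEnabled": false}
]
""")


def source_of_authority(user):
    """'on-premises AD' if the object is currently synced from on-prem, else 'cloud'.

    Graph reports onPremisesSyncEnabled as true (synced), false (was synced,
    no longer is) or null (never synced); only true means on-prem owns it.
    """
    return "on-premises AD" if user.get("onPremisesSyncEnabled") is True else "cloud"


def preflight(users, required_attr="employeeId"):
    """Split users into UPNs the cloud job can own and UPNs to scope out (with reason).

    required_attr stands in for the attribute a scoping filter keys on
    (hypothetical rule: the attribute must be present).
    """
    in_scope, scoped_out = [], {}
    for user in users:
        upn = user["userPrincipalName"]
        if source_of_authority(user) == "on-premises AD":
            scoped_out[upn] = "source of authority is on-premises AD"
        elif not user.get(required_attr):
            scoped_out[upn] = f"missing {required_attr} used by the scoping filter"
        else:
            in_scope.append(upn)
    return in_scope, scoped_out


if __name__ == "__main__":
    ok, skipped = preflight(SAMPLE_USERS)
    print("in scope:", ok)
    for upn, reason in skipped.items():
        print("scope out:", upn, "-", reason)
```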

