What can cause the "Job does not include the rule" exception when provisioning users on demand?

Geoffrey van Wyk 21 Reputation points
2021-07-07T07:00:55.137+00:00

This error sometimes occurs when provisioning on demand is performed by a partner company from their Active Directory to one of our web applications. It has not happened in our own instance.

Azure Active Directory

Accepted answer
  1. VipulSparsh-MSFT 15,986 Reputation points
    2021-07-08T12:21:08.567+00:00

    @Geoffrey van Wyk The most common reason for this that I can think of is a scenario like this:

    Azure AD Connect is syncing users from on-prem AD to AAD and the source of authority is Windows Server AD.

    When the provisioning service, let's say for example Workday, tries to sync the user to AAD, it cannot update it, which then results in this issue.
    The issue can be resolved by changing the scope of users being provisioned from Workday to AAD by using the scoping filters (e.g. cost center and employee ID, or set a mapping for a unique attribute like dirSync).

    Check something for that application and how they are scoping it.
    Here is an attribute mapping link for Workday as a sample: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-cloud-only-tutorial#part-2-configure-workday-and-azure-ad-attribute-mappings


