Azure AD User Auto provision in Salesforce with profile

Rikin Trivedi 1 Reputation point

Hi @AmanpreetSingh-MSFT

Apologies for the direct approach but I see there is a similar issues you are dealing with an I am have more or less the same issue.

I am provisioning an AAD Guest User (third party vendor), adding to AAD Security Group which is associated in Salesforce SSO and with profile (down from Salesforce to AAD).

This issue is that the User gets created AAD >> Salesforce but not with the correct profile as intended.
Am I missing any particular attribute?

Your assistance is highly appreciated.


Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,135 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Danny Zollner 9,536 Reputation points Microsoft Employee

    Are you using Salesforce's SAML JIT provisioning where a user account is created at the time of sign-in, or are you using the Azure AD User Provisioning feature under the "Provisioning" blade of a Salesforce Enterprise Application in Azure AD? It isn't clear which you are using.

    If you are using SAML JIT, your question would likely be better handled by Salesforce - our service would merely provide a SAML token/assertion as configured in the SAML SSO setup in Azure AD. How that data is consumed by Salesforce to either sign in a user or potentially create a user is logic entirely owned by Salesforce.

    If you are using Azure AD User Provisioning - these issues can be far more complex (and contain more personal data about the users being provisioned) than should be handled over a Microsoft Q&A post - and in that case I would strongly suggest creating a support case with Azure AD to receive assistance there.

    1 person found this answer helpful.