Is there any way to manage Delete and Disable status in SCIM?

Ashish Vishwakarma 1 Reputation point
2021-09-15T05:25:26.047+00:00

There is only one field, Active, in the SCIM schema, where we are getting True/False for both operations: on assigning/un-assigning a user from an app and also on activating/deactivating a user. I want the user to be disabled on un-assigning, and on deactivating/deleting a user it should be deleted from my app.


1 answer

  1. Danny Zollner 9,541 Reputation points Microsoft Employee
    2021-09-24T15:56:31.8+00:00

    This is not possible today. The generic SCIM connector will only hard delete a user in the connected SCIM directory if the user is hard deleted in Azure AD while remaining in scope for provisioning.

    For reference, the following actions all cause the IsSoftDeleted source attribute (which is calculated by our service) to return True:

    1) User is disabled in AAD
    2) User is soft-deleted in AAD
    3) User is unassigned from the application AND provisioning is set to "Sync Assigned Users and Groups"
    4) User is deemed out of scope based on scoping filters set on the Users mapping section

    The default source mapping to the SCIM "active" attribute is Not([IsSoftDeleted]), or a Switch function that inverts True to return False and False to return True. Both the Switch function and the Not function achieve the same outcome.

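Added example, not part of the thread and not Microsoft's code: a sketch of the receiving SCIM endpoint's logic, showing that all four IsSoftDeleted causes listed in the answer arrive as the same `active` = false PATCH, while only a DELETE request removes the record. The names `handle`, `store` and `PATCH_DISABLE` are hypothetical, and accepting the string forms "True"/"False" alongside JSON booleans is an assumed tolerance.

```python
import json

def _as_bool(value):
    # Accept JSON booleans and the strings "True"/"False" (assumed tolerance).
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"unsupported 'active' value: {value!r}")

def _active_from_patch(body):
    """Return the 'active' value a SCIM PatchOp sets, or None if untouched."""
    result = None
    for op in body.get("Operations", []):
        if op.get("op", "").lower() not in ("add", "replace"):
            continue
        path, value = op.get("path"), op.get("value")
        if path is None and isinstance(value, dict) and "active" in value:
            result = _as_bool(value["active"])   # path-less form of the operation
        elif isinstance(path, str) and path.lower() == "active":
            result = _as_bool(value)
    return result

def handle(store, method, user_id, raw_body=None):
    """Apply one request to `store` (dict: id -> user). Returns (status, action).
    Only the 'active' attribute is processed in this sketch."""
    if user_id not in store:
        return 404, "not_found"
    if method == "DELETE":
        # Sent only when the user is hard deleted at the source while in scope.
        del store[user_id]
        return 204, "hard_deleted"
    if method == "PATCH":
        # Disabled, soft-deleted, unassigned and out-of-scope users all land here;
        # the request carries nothing that tells the four causes apart.
        active = _active_from_patch(json.loads(raw_body))
        if active is None:
            return 200, "unchanged"
        store[user_id]["active"] = active
        return 200, "enabled" if active else "disabled"
    return 405, "unsupported"

# Constructed sample request body (not captured traffic).
PATCH_DISABLE = json.dumps({
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [{"op": "Replace", "path": "active", "value": "False"}],
})
```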