This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 3%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPN%3C/text%3E%3C/svg%3E)
We are getting this error when we try to provision users with the correct AD group and it is telling the user already exists in the target system instead of updating the user on the target system.
The expected outcome is user should be able to provision with the correct AD group.
StatusCode: Conflict Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":: ,"status":409}. This operation was retried 0 times. It will be retried again after this date: 2026-02-18T02:04:24.3751417Z UTC
We tried running this command on the graph explorer but still the behavior is same.
Entra is trying to provision the accounts as new, rather than acknowledge them as existing. IE its sending POST messages because it doesn't believe, or hasn't properly synced the existing Slack userID into the Entra datastore. We need to force Entra to restart the synchronization job: https://learn.microsoft.com/en-us/graph/api/synchronization-synchronizationjob-restart?view=graph-rest-beta&tabs=http To note, This needs to be done using the BETA branch - no idea why it doesn't work on 1.0, but we have reports from other customers that have to do this, that it doesnt work otherwise. additionally, you need to change the criteria to the following:
`{ "criteria": { "resetScope": "Full" } }`
This is because the original payload doesn't include the "connectorDataStore" scope - and without that, Entra won't pull the Slack userID from the SCIM request if one already exists. It'll just skip it rather than fix it. SCIM implementation is the responsibility of the IDP, and in this case Microsoft made some choices that make it hard to "fix" if the changes were made outside of Entra. I can definitly admit this is a really sledgehammery fix, but what this will do is get Entra to acknoweldge the Slack account exists, and map it with the matching email address.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 27%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDO%3C/text%3E%3C/svg%3E)
Thanks for identifying this workaround. This is probably a feature gap between v1 and beta. It means there is a limitation in the v1 that is in beta.
Its okay to use it if it solves the problem but with caution.