Is it possible to remove the Target ID of the Target System that has been synchronized with SCIM?

333 21 Reputation points
2021-10-22T08:16:39.987+00:00

Hi,

I'm using SCIM to sync Azure AD account information to System-AAA.
However, certain users need to get out of sync with the old user and resync with another new user.

For example,
the AzureAD account taro.yamada@azuread has been set to be resynchronized with the System-AAA account taro.yamada-before@systemAAA using SCIM. A new System-AAA account taro.yamada-after@systemAAA is created.
Now, taro.yamada@azuread needs to be resynchronized with taro.yamada-after@systemAAA.

In this case, it seems that it is theoretically possible with the following procedure,
but I didn't know how to do step 2).
How can I do it? Is there a way?

1) Delete the "externalId" of taro.yamada-before@systemAAA on the System-AAA side.
2) Delete the System-AAA "id" (the one described as "Target ID" on the AzureAD screen) stored on the AzureAD side.
3) Send a Create request (SCIM) from AzureAD to System-AAA for taro.yamada@azuread to be created as taro.yamada-after@systemAAA

Thank you.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
Danny Zollner 10,801 Reputation points Microsoft Employee Moderator
2021-10-25T16:34:10.557+00:00

    Two ways:

    1) Delete the user in the SCIM app so that any calls to /Users/<id value> return a 404, which will break the link in AAD Provisioning and force the service to go try matching again

    2) Restart via MS Graph with resetScope of Full. https://learn.microsoft.com/en-us/graph/api/synchronization-synchronizationjob-restart?view=graph-rest-beta&tabs=http

    The 2nd option will break the links between all objects in the provisioning job and then they will be reevaluated as part of the restart using whatever the currently configured matching criteria are.

    1 person found this answer helpful.
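To make the mechanics of the two options concrete, here is an added example that is not part of the answer above and not Microsoft's or the target system's code: a small in-memory model of a SCIM /Users resource and one provisioning cycle. It assumes the matching rule is source objectId to target externalId (as the question implies) and that the stored "Target ID" is simply the last id the service successfully read; option 1 is modelled by deleting the old user so the lookup returns 404, option 2 by clearing the stored link.

```python
# Constructed model of the re-matching flow from the accepted answer; not
# Azure AD Provisioning code and not System-AAA's SCIM implementation.
from dataclasses import dataclass, field

NOT_FOUND = 404  # stand-in for an HTTP 404 from GET /Users/<id>


@dataclass
class ScimApp:
    """In-memory stand-in for the target system's SCIM /Users resource."""
    users: dict = field(default_factory=dict)  # id -> {userName, externalId}
    next_id: int = 1

    def get(self, user_id):  # GET /Users/<id>
        return self.users.get(user_id, NOT_FOUND)

    def find_by_external_id(self, ext):  # GET /Users?filter=externalId eq "..."
        return next((uid for uid, u in self.users.items() if u["externalId"] == ext), None)

    def create(self, user_name, ext):  # POST /Users
        uid, self.next_id = f"u{self.next_id}", self.next_id + 1
        self.users[uid] = {"userName": user_name, "externalId": ext}
        return uid


def provision(app, src, link):
    """One cycle for one source user. `link` is the stored Target ID (or None).
    Matching rule assumed here: source objectId <-> target externalId."""
    if link is not None and app.get(link) != NOT_FOUND:
        return ("update", link)  # link intact: keep updating the old target
    found = app.find_by_external_id(src["objectId"])  # link broken: re-match
    if found is not None:
        return ("link", found)
    return ("create", app.create(src["userPrincipalName"], src["objectId"]))


def scenario():
    """Walk the question's case through both options; returns the action trace."""
    app = ScimApp()
    src = {"objectId": "obj-123", "userPrincipalName": "taro.yamada@azuread"}
    old = app.create("taro.yamada-before@systemAAA", "obj-123")
    trace = [provision(app, src, old)]  # steady state: update the old account
    # Option 1: delete the old user in the SCIM app so GET /Users/<old> is 404;
    # the replacement account must carry the matching value to be picked up.
    del app.users[old]
    app.create("taro.yamada-after@systemAAA", "obj-123")
    trace.append(provision(app, src, old))  # 404 -> re-match -> link to new
    # Option 2: a restart with resetScope Full drops every stored link (None).
    trace.append(provision(app, src, None))  # re-match from scratch -> same
    return trace
```

If the replacement account does not carry the matching value when the link breaks, the re-match finds nothing and a fresh user is created instead, which is the situation the question's step 3 describes.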
