question

0 Votes
samiii asked samiii commented

Is it possible to remove the Target ID of the Target System that has been synchronized with SCIM?

Hi,

I'm using SCIM to sync Azure AD account information to System-AAA.
However, certain users need to get out of sync with the old user and resync with another new user.

For example,
the AzureAD account taro.yamada@azuread has been set to be resynchronized with the System-AAA account taro.yamada-before@systemAAA using SCIM. A new System-AAA account taro.yamada-after@systemAAA is created.
Now, taro.yamada@azuread needs to be resynchronized with taro.yamada-after@systemAAA.

In this case, it seems that it is theoretically possible with the following procedure,
but I didn't know how to do step 2).
How can I do it? Is there a way?

1) Delete the "externalId" of taro.yamada-before@systemAAA on the System-AAA side.
2) Delete the System-AAA "id" (the one described as "Target ID" on the AzureAD screen) stored on the AzureAD side.
3) Send a Create request (SCIM) from AzureAD to System-AAA for taro.yamada@azuread to be created as taro.yamada-after@systemAAA

Thank you.

azure-active-directory azure-ad-user-provisioning

1 Answer

1 Vote
ZollnerD answered samiii commented

Two ways:

1) Delete the user in the SCIM app so that any calls to /Users/<id value> return a 404, which will break the link in AAD Provisioning and force the service to go try matching again

2) Restart via MS Graph with resetScope of Full. https://docs.microsoft.com/en-us/graph/api/synchronization-synchronizationjob-restart?view=graph-rest-beta&tabs=http

The 2nd option will break the links between all objects in the provisioning job and then they will be reevaluated as part of the restart using whatever the currently configured matching criteria are.
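
The restart call from option 2, as an added example that is not part of the original answer: it builds and sends the `restart` request with `resetScope` set to `Full`, and refuses to do so unless the caller explicitly confirms, since that scope re-matches every object in the job. The bearer token, the service principal object ID and the job ID are placeholders the caller must supply; how the token is obtained is outside the example.

```python
import json
import urllib.request

# The answer links the beta reference for synchronizationJob: restart.
GRAPH = "https://graph.microsoft.com/beta"

# resetScope flags accepted in the restart criteria (comma-separated).
RESET_SCOPES = {"None", "ConnectorDataStore", "Escrows", "Watermark",
                "QuarantineState", "Full", "ForceDeletes"}


def build_restart_request(sp_object_id, job_id, reset_scope="Full",
                          confirm_full=False):
    """Return (url, body) for the restart call without sending anything."""
    flags = [f.strip() for f in reset_scope.split(",") if f.strip()]
    unknown = sorted(set(flags) - RESET_SCOPES)
    if not flags or unknown:
        raise ValueError(f"invalid resetScope: {reset_scope!r}")
    # Full drops the stored source-to-target links for every object in the
    # job, not just one user, so require an explicit opt-in.
    if "Full" in flags and not confirm_full:
        raise ValueError("resetScope Full re-matches all objects; "
                         "pass confirm_full=True")
    url = (f"{GRAPH}/servicePrincipals/{sp_object_id}"
           f"/synchronization/jobs/{job_id}/restart")
    return url, {"criteria": {"resetScope": ", ".join(flags)}}


def restart_job(token, sp_object_id, job_id, reset_scope="Full",
                confirm_full=False):
    """POST the restart; Graph answers 204 No Content on success."""
    url, body = build_restart_request(sp_object_id, job_id, reset_scope,
                                      confirm_full)
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


if __name__ == "__main__":
    # Dry run with placeholder IDs: print the request instead of sending it.
    print(build_restart_request("<servicePrincipal-object-id>", "<job-id>",
                                "Full", confirm_full=True))
```

After the restart, the provisioning logs for the job show which target account each source user was matched to under the current matching criteria.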


Thank you for telling me how!

The first method is unlikely to work.
This is because the system provides only logical deletes, not physical deletes.

I will try the second one!

Thank you very much!

0 Votes 0 ·

I was able to do what I wanted to do the way I was taught!
Thank you very much!!!

0 Votes 0 ·