Share via

Adobe Provisioning Error

Bingham, Dan (OPP) 21 Reputation points
2022-01-13T18:37:26.697+00:00

User is sync'd into Azure AD fine, but will not provision to Adobe. MS rep advised to post here.

Details
Error code
SystemForCrossDomainIdentityManagementServiceIncompatible
Error message
StatusCode: BadRequest Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"400","scimType":"invalidValue","detail":"ERROR_DUPLICATE_EMAIL: Email \"user@keyman .ca\" already exists in the owning AuthSrc \"xxxxxxxxxxxxxxxxxxxxxxxxxx\"."}. This operation was retried 0 times. It will be retried again after this date: 2022-01-13T17:59:58.7280385Z UTC

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. Danny Zollner 10,801 Reputation points Microsoft Employee Moderator
    2022-01-13T20:16:25.993+00:00

    The error message originates from Adobe and indicates that the user attempting to be created already exists in Adobe. Typically, our service can catch that - this is done via the matching attributes in the provisioning configuration. It may be that there are multiple attributes that are all considered for uniqueness - i.e.: SCIM "userName", "emails[type eq "work"].value, etc, and that the configuration in the Adobe app may only be looking for a match between userPrincipalName -> userName, and not checking for a second attribute like mail -> emails[type eq "work"].value.

    First place to start would be talking to Adobe's support to get them to explain why they're returning this error, and from there you should be able to work back what the issue is with the Azure AD provisioning config, if there is one.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Miggy 0 Reputation points
    2023-05-15T15:47:52.6933333+00:00

    We had the same issue. It stemmed from the user having a previous account that was removed from our Azure Directory but had left some account information in Adobe. We manually created the user in Adobe, once our sync ran that user account was disabled. We were then able to delete the user, run our sync, & the account was provisioned & activated for them.

    0 comments
  2. SAPTAK BANERJEE 0 Reputation points
    2024-08-23T11:52:02.02+00:00

    This error often occurs due to incorrect attribute mapping in the Provisioning section of the Enterprise Application within Entra ID.

    To resolve this issue, follow these steps:

    • Consult with the application vendor to obtain the required attribute mapping table.
    • Configure SCIM attribute mapping in Entra ID according to the provided table.

    Here's an example of a typical attribute mapping table:User's image

    By ensuring accurate attribute mapping, you can successfully integrate the application with Entra ID and avoid this error.

    Please mark it as "Accepted Answer", if it solves your problem.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.