How does Azure SCIM provisioning handle changes in the Target System

Anonymous
2020-06-08T18:08:34.16+00:00

Hey,
Just needed a few things cleared up about Azure SCIM Provisioning.

I understand that if a user in the target system gets deleted, on the next poll it would find out the user is missing and re-create it.
My question is on other fields that were mapped, like the email field or the name field. What would happen if they were changed in the target system? The next poll would still find the user. Does Azure do any checks on all the mappings to see if it got modified and send a PATCH, or would they be out of sync? If so, would they be synced again the next time a "Clear state and restart" is initiated?

Thanks,
Kajan

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. JamesTran-MSFT 36,376 Reputation points Microsoft Employee
    2020-06-10T04:41:48.87+00:00

    @Anonymous

    For your question regarding the changes happening in the Target System, would they be updated in the Source System.

    • Is there a reason why you want to change attributes in the Target System rather than the Source System?
    • Or why you would want to update the Source System from the Target System?

    Based on the How provisioning works documentation regarding the Azure AD provisioning service using the SCIM 2.0 user management API, you can see that "user data" only flows one way, from the Source System to the Target System. With that in mind, the initial provisioning cycle will query all users and groups from the source system, retrieving all the attributes defined in the attribute mappings. If the user is found, then it's updated using the attributes provided by the source system. This is a similar process for the incremental cycles.

    When it comes to the Clear State and Restart option, that will only initiate a new initial cycle. This action will clear any stored watermark and cause all the source objects to be evaluated again.


    From my understanding, I believe user provisioning using the SCIM 2.0 connector is "one-way" by design so as to prevent updating the Source System from the Target System.

    ----------

    Additional Links for your reference:

    Deprovisioning workflow

    Customizing Attribute Mappings
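
An added example, not part of the answer above and not Microsoft's provisioning code: a drift check that compares source attributes with a SCIM 2.0 user resource read from the target and builds the RFC 7644 PatchOp body that would overwrite any mapped attribute edited there. The mapping table and the sample records are constructed assumptions.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Hypothetical attribute mapping: source field -> SCIM path in the target.
MAPPINGS = {
    "userPrincipalName": "userName",
    "givenName": "name.givenName",
    "surname": "name.familyName",
    "mail": 'emails[type eq "work"].value',
}


def read_path(resource, path):
    """Resolve the small subset of SCIM paths used in MAPPINGS."""
    if path.startswith("emails["):
        for entry in resource.get("emails", []):
            if entry.get("type") == "work":
                return entry.get("value")
        return None
    node = resource
    for part in path.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(part)
    return node


def build_patch(source, target):
    """Return a PatchOp body that overwrites drifted attributes, or None."""
    ops = []
    for src_field, scim_path in MAPPINGS.items():
        wanted = source.get(src_field)
        if wanted is not None and read_path(target, scim_path) != wanted:
            ops.append({"op": "replace", "path": scim_path, "value": wanted})
    return {"schemas": [PATCH_SCHEMA], "Operations": ops} if ops else None


# Constructed sample: the work email was edited directly in the target.
SOURCE = {"userPrincipalName": "alex@example.com", "givenName": "Alex",
          "surname": "Doe", "mail": "alex@example.com"}
TARGET = {
    "userName": "alex@example.com",
    "name": {"givenName": "Alex", "familyName": "Doe"},
    "emails": [{"type": "work", "value": "changed@example.net"}],
}

if __name__ == "__main__":
    import json
    print(json.dumps(build_patch(SOURCE, TARGET), indent=2))
```

A non-empty result is also a useful audit signal, since it means a mapped attribute was changed in the target outside the one-way flow from the source.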

