question

KajanNallathamby-3213 avatar image
0 Votes"
KajanNallathamby-3213 asked ·

How does azure SCIM provisioning handle changes in the Target System

Hey,
Just needed a few things cleared up about Azure SCIM Provisioning.

I understand if a user in the target system gets deleted. On the next poll it would find out the user is missing and re-create it.
My question is on other fields that were mapped, like the email field or the name field. What would happen if they were changed in the target system. The next poll would still find the user, does azure do any checks on all the mappings to see if it got modified and send a PATCH? or would they be out of sync? If so would they be synced again on the next a "Clear state and restart" is initiated?

Thanks,
Kajan

azure-ad-user-provisioning
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered ·

@KajanNallathamby-3213

For your question regarding the changes happening in the Target System, would they be updated in the Source System.

  • Is there a reason why you want to change attributes in the Target System rather than the Source System?

  • Or why you would want to update the Source System from the Target System?


Based off the How provisioning works documentation regarding the AzureAD provisioning service using the SCIM2.0 user management API, you can see that "user data" only flows one way, from the Source System to the Target System. With that in mind, the initial provisioning cycle, will query all users and groups from the source system retrieving all the attributes defined in the attribute mappings, if the user is found then it's updated using the attributes provided by the source system, this is a similar process for the incremental cycles.


When it comes to the Clear State and Restart option, that will only initiate a new initial cycle. This action will clear any stored watermark and causes all the source objects to be evaluated again.

9647-azuread-provisioning.jpg

From my understand, I believe user provisioning using the SCIM2.0 connector is "one-way" by design as to prevent updating the Source System from the Target System.



Additional Links for your reference:

Deprovisioning workflow

Customizing Attribute Mappings



· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@KajanNallathamby-3213

I just wanted to check in and see if my previous post helped answer your question or if you had any other questions.

Thank you for your time!



Please do not forget to "Accept the answer", whenever the information provided helps you. This will help others in the community.

0 Votes 0 ·

@KajanNallathamby-3213

I just wanted to check in and see if my previous post helped answer your question or if you had any other questions.



Please let us know if this reply helped resolve your question. If so, please remember to "mark as answer" so that others in the community facing similar issues can more easily find a solution.


0 Votes 0 ·