question

vaskoangeleski-8093 avatar image
0 Votes"
vaskoangeleski-8093 asked ZollnerD edited

Why arent custom attributes provisioned on POST request

When mapping a Azure Active Directory Attribute with "customappsso Attribute" like in the image below for user provisioning, the custom fields are not being send by the POST request
when creating the user in the target system. Why is this happening? The attributes which are not submitted on the POST requests are "imeto" , "prezimeto"
96884-screenshot-1.jpg



The custom attributes are submitted on a second PATCH request via "Add" operation and regardless of the response back its never taken in to the consideration which means the same PATCH request will be submitted on next provisioning by demand or the normal cycle of provisioning. How can i alter this behavior the customappsso to be in the first POST request?

azure-ad-user-provisioning
screenshot-1.jpg (58.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered

@vaskoangeleski-8093
Thank you for your post!

From your description, it sounds like you've created custom attributes within AzureAD (imeto and prezimeto), but these aren't syncing to users that are created within the Target system until after a second PATCH call.

From our "How provisioning works" documentation, it seems like the provisioning service is working as expected since it will query the Source system, sync changes through the AzureAD Provisioning service, to Target system- Provisioning cycles: Initial and incremental.
97620-image.png

Since you're creating users within the Target system, this could be why you're running into a sync issue until a PATCH call is made.


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


image.png (58.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZollnerD avatar image
1 Vote"
ZollnerD answered ZollnerD edited

You cannot add attributes in the way you are doing so currently. You need to add the target attribute using a full SCIM URN, as outlined in https://datatracker.ietf.org/doc/html/rfc7643#section-10.2.1

The specific example I am referring to is:

Declaration of Syntactic Structure:
The Namespace Specific String (NSS) of all URNs that use the "scim" Namespace ID shall have the following structure: urn:ietf:params:scim:{type}:{name}{:other}

Ideally you should not be seeing this work in any scenario, but the fact it is working at all is an unintended thing due to the fact that the code for us generating a POST is different than the code where we generate a PATCH. Your current attribute additions are not supported as they are not using a SCIM-compliant attribute naming convention.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.