Hi,
We have created a SCIM endpoint for our custom application connecting to Azure AD's SCIM client. We have created an Enterprise Application for our custom application and successfully connected the provisioning. We are creating users and groups successfully.
What we see in the logs is that after the groups have been successfully created and users successfully added to the groups, Azure AD is sending an additional CREATE-request to create the group one more time. Since the group is already created in our custom application, this additional create-request will return an http409 from our custom application causing a "failure" log entry in Azure AD's provisioning log.
We are having a hard time understanding why Azure AD is sending two CREATE-requests since the first CREATE-request is successfully executed.
In the Azure AD's provision logs (exported to JSON), we see that the "targetIdentity > identityType" is different in the two CREATE-requests. First one has "identityType": "urn:ietf:params:scim:schemas:core:2.0:Group" while the last one has "identityType": "Group".
Has anyone seen this issue before, or do anyone know what could cause this issue?