question

GeoffreyvanWyk-0769 avatar image
0 Votes"
GeoffreyvanWyk-0769 asked GeoffreyvanWyk-0769 edited

What can cause the "Job does not include the rule" exception when provisioning users on demand?

This error sometimes occurs when provisioning on demand is performed by a partner company from their Active Directory to one of our web applications. It has not happened in our own instance.

azure-ad-user-provisioning
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered GeoffreyvanWyk-0769 edited

@GeoffreyvanWyk-0769 The most common reason for this that I can think of is in a scenario like this :

Azure AD connect is syncing users from on prem AD to AAD and source of Authority is Window server AD.

When the provisioning service lets say for example workday tries to sync the user to AAD it can not update it and which then results in this issue.
It issue can be resolved by changing the scope of users being provisioned from workday to AAD by using the scoping filters (e.g. cost center and employee id or set mapping for unique attribute like dirSync)

Check something for that application and how they are scoping it.
Here is a attribute mapping link for Workday as a sample : https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-cloud-only-tutorial#part-2-configure-workday-and-azure-ad-attribute-mappings


If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks @vipulsparsh-MSFT . Our partner indeed does use Azure AD connect. This might be spot on. I will relay the information.

0 Votes 0 ·