![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 19%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERT%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,459 questions
Are you using Salesforce's SAML JIT provisioning where a user account is created at the time of sign-in, or are you using the Azure AD User Provisioning feature under the "Provisioning" blade of a Salesforce Enterprise Application in Azure AD? It isn't clear which you are using.
If you are using SAML JIT, your question would likely be better handled by Salesforce - our service would merely provide a SAML token/assertion as configured in the SAML SSO setup in Azure AD. How that data is consumed by Salesforce to either sign in a user or potentially create a user is logic entirely owned by Salesforce.
If you are using Azure AD User Provisioning - these issues can be far more complex (and contain more personal data about the users being provisioned) than should be handled over a Microsoft Q&A post - and in that case I would strongly suggest creating a support case with Azure AD to receive assistance there.