We are an enterprise application provider and we have had several customers recently run into the same issue when provisioning users from Azure Active Directory into our application using SCIM.
The main issue is that provisioning does not seem to even attempt to provision users or groups that have been assigned to our application. When running provisioning, the provisioning logs do not show any attempts to provision any user.
Each user has been assigned to the 'default access' role and there are no scoping filters setup.
We can successfully provision users using the 'provision on demand' approach.
Audit logs indicate that provisioning was ran and completed.
Another oddity is that this only seems to be applying to newer customers. Our own test environment works correctly even when setup exactly the same as our customers. Could this be due to the changes made in April 2020 to the 'default access' role?
We have attempted to resolve the issue by using the "Clear current state and restart synchronization" option as well as removing and reinstalling the application but these did not have any effect.
Any help would be very appreciated!
