Microsoft Azure Scim Provisioning Issue #63

Open
MuhammadSaad-VS opened this issue Aug 16, 2021 · 2 comments
Labels
question Further information is requested

Comments


MuhammadSaad-VS commented Aug 16, 2021

Hi Guys,

I have implemented a SCIM application with our internal system APIs to sync users only, and I am facing an issue:
the ProviderBase class abstract methods QueryAsync and RetrieveAsync are being called weirdly
when I perform on-demand user provisioning.
I have mapped objectid with externalid with matching precedence 1.
QueryAsync: this method is called 3 times with the same attribute path externalid but with different ids.
RetrieveAsync: this method is called with an inappropriate externalid, not with the objectid, which is why it creates a user every time instead of updating when the user already exists.

@marcusca10 marcusca10 added the question Further information is requested label Jan 19, 2022
@rekefjard

I'm also interested to know why the AAD Provisioning client is sending multiple user queries with the query string like

filter=userName+eq+%22cf4d78e8-cc4f-4d5d-b8b9-183561c0104a%22

where the object id of course is different in each query but has no apparent relation to the users that I want to provision.

The same type of query also happens when clicking the 'Test Connection' button under 'Update Credentials'/'Admin Credentials'. But in this case the query is obviously used to verify the credentials.

@toreyhickman

> I'm also interested to know why the AAD Provisioning client is sending multiple user queries with the query string like
>
> filter=userName+eq+%22cf4d78e8-cc4f-4d5d-b8b9-183561c0104a%22
>
> where the object id of course is different in each query but has no apparent relation to the users that I want to provision.
>
> The same type of query also happens when clicking the 'Test Connection' button under 'Update Credentials'/'Admin Credentials'. But in this case the query is obviously used to verify the credentials.

My organization just ran into this question. What we found is that "... it's part of what steps our service [Azure/Entra ID] takes at the start of any activity ... to validate that the SCIM endpoint it is talking to functions correctly" (see source).
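
The filter queries discussed in this thread, as an added example that is not code from the thread or from the project: a minimal Python sketch of a SCIM `GET /Users?filter=...` handler that answers a probe for an unknown GUID with HTTP 200 and an empty ListResponse, and returns the existing record when the matching attribute is known. The `query_users` function, the in-memory `USERS` store and the sample user are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
# This sketch supports only simple equality filters on these two attributes.
FILTER_RE = re.compile(r'^\s*(userName|externalId)\s+eq\s+"([^"]*)"\s*$', re.I)

# Constructed sample store: one user that has already been provisioned.
USERS = {
    "1001": {"id": "1001", "userName": "alice@example.com",
             "externalId": "11111111-2222-3333-4444-555555555555"},
}

def list_response(resources):
    """Wrap matching resources in a SCIM 2.0 ListResponse body."""
    return {"schemas": [LIST_SCHEMA], "totalResults": len(resources),
            "startIndex": 1, "itemsPerPage": len(resources),
            "Resources": resources}

def query_users(query_string):
    """Answer GET /Users?<query_string>; returns (http_status, body)."""
    raw = parse_qs(query_string).get("filter")  # decodes '+' and %22
    if raw is None:
        return 200, list_response(list(USERS.values()))
    m = FILTER_RE.match(raw[0])
    if m is None:
        return 400, {"schemas": [ERROR_SCHEMA], "scimType": "invalidFilter",
                     "status": "400", "detail": "unsupported filter"}
    attr = "externalId" if m.group(1).lower() == "externalid" else "userName"
    value = m.group(2)
    if attr == "userName":
        # userName is case-insensitive in the SCIM core schema (RFC 7643).
        hits = [u for u in USERS.values() if u[attr].lower() == value.lower()]
    else:
        # externalId is compared exactly.
        hits = [u for u in USERS.values() if u[attr] == value]
    # No match is not an error: 200 with an empty list tells the client
    # the user does not exist, so a probe for a random GUID succeeds.
    return 200, list_response(hits)
```

If the lookup on the matching attribute fails for a user who is already in the store, the client sees an empty list and has no existing record to update.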

4 participants