borna

Reputation: 924

Provisioning with SCIM

I am very new to SCIM and want to use it for provisioning of a user registered in Azure AD, and want to update some other system with user registrations. What if the other system is having issues or is in maintenance? How can you guarantee the delivery of the information to the other system? What are the best practices to handle a situation like this?

Upvotes: 0

Views: 1714

Answers (1)

Mohit_Garg

Reputation: 922

Errors and retries

If an individual user can't be added, updated, or deleted in the target system due to an error in the target system, then the operation will be retried in the next sync cycle. If the user continues to fail, then the retries will begin to occur at a reduced frequency, gradually scaling back to just one attempt per day. To resolve the failure, administrators will need to check the audit logs for "process escrow" events to determine the root cause and take the appropriate action. Common failures can include:

  • Users not having an attribute populated in the source system that is required in the target system
  • Users having an attribute value in the source system for which there is a unique constraint in the target system, and the same value is present in another user record

These failures can be resolved by adjusting the attribute values for the affected user in the source system, or by adjusting the attribute mappings to not cause conflicts.

Quarantine

If most or all of the calls made against the target system consistently fail due to an error (such as in the case of invalid admin credentials), then the provisioning job goes into a "quarantine" state. This is indicated in the provisioning summary report, and via email if email notifications were configured in the Azure portal.

When in quarantine, the frequency of incremental syncs is gradually reduced to once per day.

The provisioning job will be removed from quarantine after all of the offending errors are fixed and the next sync cycle starts. If the provisioning job stays in quarantine for more than four weeks, the provisioning job is disabled.

Reference: Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory

Upvotes: 0
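
The audit-log check described in the answer above, as an added example that is not part of the original answer or any Microsoft code: it groups "process escrow" events per user so that accounts failing across several sync cycles stand out. The record field names are assumed to follow the Microsoft Graph directoryAudit shape, and the sample records, users and reason strings are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not real log output). Field names are assumed to
# follow the Microsoft Graph directoryAudit shape; users and reasons are invented.
def _rec(activity, when, upn, reason=""):
    return {"activityDisplayName": activity, "activityDateTime": when,
            "resultReason": reason, "targetResources": [{"userPrincipalName": upn}]}

SAMPLE_RECORDS = [
    _rec("Process escrow", "2024-03-01T01:00:00Z", "alice@example.com",
         "required attribute missing in target"),
    _rec("Export", "2024-03-01T01:00:05Z", "carol@example.com"),
    _rec("Process escrow", "2024-03-02T01:00:00Z", "alice@example.com",
         "required attribute missing in target"),
    _rec("Process escrow", "2024-03-02T01:00:00Z", "bob@example.com",
         "unique constraint violated in target"),
    _rec("Process escrow", "2024-03-03T01:00:00Z", "alice@example.com",
         "required attribute missing in target"),
]

def escrowed_users(records):
    """Summarise 'Process escrow' events per target user, worst first."""
    stats = defaultdict(lambda: {"count": 0, "times": [], "reasons": set()})
    for rec in records:
        if rec.get("activityDisplayName", "").strip().lower() != "process escrow":
            continue  # successful or unrelated provisioning events
        when = datetime.fromisoformat(rec["activityDateTime"].replace("Z", "+00:00"))
        for target in rec.get("targetResources") or [{}]:
            user = target.get("userPrincipalName") or target.get("displayName") or "unknown"
            stats[user]["count"] += 1
            stats[user]["times"].append(when)
            stats[user]["reasons"].add(rec.get("resultReason") or "no reason recorded")
    report = [{"user": u, "failures": s["count"],
               "days_failing": (max(s["times"]) - min(s["times"])).days,
               "reasons": sorted(s["reasons"])} for u, s in stats.items()]
    # Users that keep failing across sync cycles need a source-side or mapping fix.
    return sorted(report, key=lambda r: (-r["failures"], r["user"]))

if __name__ == "__main__":
    for row in escrowed_users(SAMPLE_RECORDS):
        print(row)
```
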
