Reputation: 45
I am looking into Azure AD SCIM Provisioning and I have a question I am hoping I could get some help on. My use case is as follows:
"Operations": [
    {
        "op": "Remove",
        "path": "members",
        "value": "john-smith-id"
    }
]
but instead Azure AD sends a PATCH request to /Users with the following body:
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "Add",
            "path": "displayName",
            "value": "John Smith"
        }
    ]
}
and another PATCH request to /Groups with the following body:
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "Add",
            "path": "externalId",
            "value": "some-guid"
        }
    ]
}
Is this correct? I feel like I am messing something up when removing the member from the Group, which isn't triggering the desired PATCH request.
Upvotes: 1
Views: 321
Reputation: 1
After step #4, I would recommend checking if the user has successfully been removed from the group.
Also, make sure that you're using the right rule ID in the on-demand provisioning request. One easy way to do this is to try through the UI and look at the network traffic (Ctrl+Shift+I).
The rule ID can be found in the schema.
Upvotes: 0
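An added example, not code from either post or from Microsoft: a receiving-side handler for the group PATCH bodies shown in the question, which reports which member ids a request actually removed, so an attribute-only PATCH (`displayName`, `externalId`) can be told apart from the membership removal that revokes access. The in-memory group dict and the names `apply_group_patch`, `member_ids` and `demo` are assumptions; `op` is matched case-insensitively because the bodies above carry `Add` and `Remove`, and the filter path form from RFC 7644 is accepted as well, which goes beyond the single case in the question.

```python
import re

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Filter form of a member path, e.g. members[value eq "john-smith-id"]
MEMBER_FILTER = re.compile(r'^members\[value eq "([^"]+)"\]$', re.IGNORECASE)

def member_ids(value):
    """Accept a bare id string (as in the question) or a list of {"value": id}."""
    if isinstance(value, str):
        return {value}
    if isinstance(value, dict):
        value = [value]
    return {m["value"] if isinstance(m, dict) else m for m in value or []}

def apply_group_patch(group, body):
    """Apply a PatchOp to a group dict in place; return the member ids removed."""
    if PATCH_SCHEMA not in body.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    removed = set()
    for operation in body.get("Operations", []):
        op = operation.get("op", "").lower()  # the page shows "Add" / "Remove"
        path = operation.get("path", "")
        value = operation.get("value")
        filtered = MEMBER_FILTER.match(path)
        if op == "remove" and (filtered or path.lower() == "members"):
            ids = {filtered.group(1)} if filtered else member_ids(value)
            if not ids:
                raise ValueError("member removal without a member id")
            removed |= ids & set(group["members"])
            group["members"] = [m for m in group["members"] if m not in ids]
        elif op == "add" and path.lower() == "members":
            group["members"] += [m for m in sorted(member_ids(value))
                                 if m not in group["members"]]
        elif op in ("add", "replace") and path:
            group[path] = value  # attribute-only change, membership untouched
        else:
            raise ValueError(f"unsupported operation: {op!r} on {path!r}")
    return removed

def demo():
    # Constructed group; the two bodies follow the shapes shown in the question.
    group = {"displayName": "Engineering", "members": ["john-smith-id", "jane-doe-id"]}
    attr_only = {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "Add", "path": "externalId", "value": "some-guid"}]}
    removal = {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "Remove", "path": "members", "value": "john-smith-id"}]}
    return apply_group_patch(group, attr_only), apply_group_patch(group, removal), group
```

Logging the returned set for every PATCH to /Groups gives a direct record of whether a deprovisioning cycle revoked a membership or only touched attributes.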