Is it so that SCIM won’t apply updates to the users who were not provisioned via SCIM?
I’m trying to implement following setup on our Enterprise account:
- any user is allowed to sing-in via SSO, leading to Free Restricted profile creation
- members of a specific Azure AD group get Full license via SCIM update
It look like SCIM would ignore the users if they were not provisioned by SCIM earlier. Is it how it’s expected to work or does it look like an issue? In case of the former, is there any method to implemet the desired configuration?
Soon after asking I figured out a solution :D
In AAD there are 3 checkboxes under Mappings in SCIM settings: “Create”, “Update” and “Delete”. I thought that “Create” should be un-ticked since SCIM is supposed just to update users, however it has led to the behavior I described above. Ticking “Create” solved the issue, now SCIM updates the users as expected.