I am building a custom SCIM client that will be connected to Azure AD (using an Enterprise Application). I am only interested in user synchronization, I do not need group information.
My question is if I only implement the
/Userendpoint and not the/Groupendpoint, will the/Userendpoint if the provisioning is done using groups (and not user) from the AAD portal?
If you assign a group containing users to the application in AAD but do not support /Groups, the provisioning job will still work fine. It will pull a list of all of the users that are members of the groups and use the group as a boundary for scoping what accounts are included in provisioning.