I am building a custom SCIM client that will be connected to Azure AD (using an Enterprise Application). I am only interested in user synchronization, I do not need group information.
My question is if I only implement the
/User
endpoint and not the/Group
endpoint, will the/User
endpoint if the provisioning is done using groups (and not user) from the AAD portal?
If you assign a group containing users to the application in AAD but do not support /Groups, the provisioning job will still work fine. It will pull a list of all of the users that are members of the groups and use the group as a boundary for scoping what accounts are included in provisioning.