azure azure-active-directory scim2

Azure AD SCIM client implementation - Users/Groups clarification


I am building a custom SCIM client that will be connected to Azure AD (using an Enterprise Application). I am only interested in user synchronization; I do not need group information.

My question is: if I only implement the /User endpoint and not the /Group endpoint, will the /User endpoint work if the provisioning is done using groups (and not users) from the AAD portal?


Solution

  • If you assign a group containing users to the application in AAD but do not support /Groups, the provisioning job will still work fine. It will pull a list of all of the users that are members of the groups and use the group as a boundary for scoping what accounts are included in provisioning.
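
A minimal sketch of a SCIM 2.0 endpoint that serves only `/Users` and rejects `/Groups`, added here as an illustration and not part of the original answer. The `handle` function, the in-memory `USERS` store, the 404 returned for `/Groups`, and the single supported filter form (`userName eq "value"`) are assumptions of this example; the schema URNs are those of RFC 7643/7644.

```python
import re
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

USERS = {}  # in-memory store keyed by SCIM id (constructed; use a real database)
FILTER_RE = re.compile(r'^userName eq "([^"]*)"$')


def scim_error(status, detail):
    """Build a SCIM error body (RFC 7644, section 3.12)."""
    return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}


def list_response(resources):
    return 200, {"schemas": [LIST_SCHEMA], "totalResults": len(resources),
                 "startIndex": 1, "itemsPerPage": len(resources), "Resources": resources}


def handle(method, path, body=None, filter_expr=None):
    """Route one SCIM request (hypothetical helper); returns (http_status, json_body)."""
    parts = [p for p in path.split("/") if p]
    if not parts or parts[0] != "Users":
        # /Groups and every other resource type is deliberately not implemented.
        return scim_error(404, f"Resource type not supported: {path}")
    if method == "POST" and len(parts) == 1:
        if not body or not body.get("userName"):
            return scim_error(400, "userName is required")
        if any(u["userName"].lower() == body["userName"].lower() for u in USERS.values()):
            return scim_error(409, "userName already exists")
        user = dict(body, id=str(uuid.uuid4()), schemas=[USER_SCHEMA])
        USERS[user["id"]] = user
        return 201, user
    if method == "GET" and len(parts) == 1:
        if filter_expr is None:
            return list_response(list(USERS.values()))
        match = FILTER_RE.match(filter_expr)
        if not match:
            return scim_error(400, "only 'userName eq \"value\"' filters are supported")
        wanted = match.group(1).lower()
        return list_response([u for u in USERS.values() if u["userName"].lower() == wanted])
    if method == "GET" and len(parts) == 2:
        user = USERS.get(parts[1])
        return (200, user) if user else scim_error(404, "User not found")
    return scim_error(405, "Method not supported")
```

An empty match on the filter query returns a 200 `ListResponse` with `totalResults` of 0 rather than an error, so a caller can tell "user does not exist yet" apart from a failed request.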