GET Users/{Id} returns the following json:
{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "id": "16960d38-728d-4865-925c-165caf50708d",
    "externalId": "16960d38-728d-4865-925c-165caf50708d",
    "userName": "[email protected]",
    "name": {
        "givenName": "",
        "familyName": "Foo"
    },
    "active": true
}
When I change the value of the "familyName" or "givenName" attribute in MS Entra, Entra makes a PATCH request with the following body:
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "Add",
            "path": "name.givenName",
            "value": "Bar"
        },
        {
            "op": "Replace",
            "path": "name.familyName",
            "value": "Foo2"
        }
    ]
}
But when I delete the "familyName" or "givenName" attribute in Entra, Entra does NOT send a "Remove" "op".
Why is that? And how can I remove the attribute in my target system then?
Thank you in advance!
2 Answers
I just tried setting the value in Entra to " " (one whitespace character) instead of "" and this works for string fields. :P At least a little workaround.
Entra’s app provisioning service doesn’t support removing values from attributes at this time.
See: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/known-issues?pivots=app-provisioning#null-attribute-cant-be-provisioned
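For the target-system side of the question, an added example (not from either answer or from Microsoft): a minimal PatchOp handler that accepts the capitalized "Add"/"Replace" op values shown in the request above and, as an assumption built on the whitespace workaround in the first answer, treats a blank or whitespace-only string as a request to clear the attribute. The function names and the WRITABLE/CLEARABLE allowlists are hypothetical and only simple dotted paths are handled.

```python
import copy

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Assumption: which attributes this target lets the provisioner write or clear.
CLEARABLE = {"name.givenName", "name.familyName"}
WRITABLE = CLEARABLE | {"userName", "externalId", "active"}


def _remove(resource, parts):
    """Delete the attribute named by parts; a missing attribute is a no-op."""
    node = resource
    for key in parts[:-1]:
        node = node.get(key)
        if not isinstance(node, dict):
            return
    node.pop(parts[-1], None)


def _set(resource, parts, value):
    """Set the attribute named by parts, creating parent objects as needed."""
    node = resource
    for key in parts[:-1]:
        node = node.setdefault(key, {})
    node[parts[-1]] = value


def apply_patch(user, patch):
    """Return a patched copy of user; raise ValueError on anything unexpected."""
    if PATCH_SCHEMA not in patch.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    result = copy.deepcopy(user)  # never mutate the stored record in place
    for operation in patch.get("Operations", []):
        op = str(operation.get("op", "")).lower()  # page shows "Add"/"Replace"
        path = operation.get("path")
        if path not in WRITABLE:  # keeps id, schemas, etc. out of reach
            raise ValueError(f"path not writable: {path!r}")
        parts = path.split(".")
        value = operation.get("value")
        blank = isinstance(value, str) and not value.strip()
        if op == "remove" or (op in ("add", "replace") and blank):
            if path not in CLEARABLE:
                raise ValueError(f"attribute cannot be cleared: {path}")
            _remove(result, parts)
        elif op in ("add", "replace"):
            _set(result, parts, value)
        else:
            raise ValueError(f"unsupported op: {operation.get('op')!r}")
    return result
```

Keeping the clearable set separate from the writable set means a blank value can never wipe a required attribute such as userName.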