PATCH request with operator "Remove" not getting sent when removing a member from a group
Question
I am looking into Azure AD SCIM Provisioning and I have a question I am hoping I could get some help on. My use case is as follows
- I created a Group in Azure AD and added "John Smith" and "Jane Smith" as members to it.
- I went over to my Non-Gallery application added the Group created above to my application and triggered an On-Demand provisioning.
- Both "John Smith" and "Jane Smith" were successfully created in my local database.
- I removed "John Smith" from my group and triggered an On-Demand provisioning again.
- My expectation was that the following PATCH request would be sent by Azure Ad
"Operations": [
{
"op": "Remove",
"path": "members",
"value": "john-smith-id"
}
]
but instead Azure AD sends a PATCH request to /Users with the following body
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Add",
"path": "displayName",
"value": "John Smith"
}
]
and another PATCH request to /Groups with the following body
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Add",
"path": "externalId",
"value": "some-guid"
}
]
Is this correct? I feel like I am messing something up when removing the member from the Group which isn't triggering the desired PATCH request
1 answers
solution1
0 2022-09-13 20:17:20
After step #4, I would recommend checking if the user has successfully been removed from the group.
Also, make sure that you're using the right rule ID in the on-demand provisioning request. One easy way to do this is to try through the UI and look at the network traffic ctrl+shift+i
The rule ID can be found in the schema.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.