Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

Enter your idea

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

SCIM defects
The Azure AD SCIM client does not follow the SCIM Base URI properly.
As per, https://tools.ietf.org/html/rfc7644#section-1.3,
The resource relative paths (e.g. /Users) needs to be appended to the configured Base URI.
Azure AD is instead appending "/scim/Users" to the URI configured on the Provisioning tab of the app. If my SaaS application requires the tenant ID in the path (e.g. https://bla/scim/tenantID/), this is not possible with Azure's client.

The Azure AD SCIM client doesn't implement a proper OAuth2 client. It simply asks for the OAuth bearer token to be provided in the configuration. This is no good since bearer tokens need to expire for security reasons. The SCIM client should instead implement the OAuth2 client credentials grant or password grant to a configurable OAuth2 token endpoint.
The Azure AD SCIM client does not follow the SCIM Base URI properly.
As per, https://tools.ietf.org/html/rfc7644#section-1.3,
The resource relative paths (e.g. /Users) needs to be appended to the configured Base URI.
Azure AD is instead appending "/scim/Users" to the URI configured on the Provisioning tab of the app. If my SaaS application requires the tenant ID in the path (e.g. https://bla/scim/tenantID/), this is not possible with Azure's client.

The Azure AD SCIM client doesn't implement a proper OAuth2 client. It simply asks for the OAuth bearer token to be provided in the configuration. This is no good since…
32 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

7 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

started · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

The first issue is fixed as described here: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-provisioning-config-problem-scim-compatibility

OAuth authorization code grant flow is now supported for new apps that want to be added to the Azure AD app gallery. You can request your app be added here – https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-app-gallery-listing

Work is underway to make the authorization code grant flow available for custom apps.

Link to understand the code grant flow – https://tools.ietf.org/html/rfc6749#page-24
serviceNow

I think there is significant area for improvement of the Auto Provisioning functionality when dealing with referenced fields.

For example, the user table within ServiceNow looks similar to the sample snippet below:

TABLE - User [sys_user]

FIELD - Username [username] - string
FIELD - Name [name] - string
FIELD - Email [email] - string
FIELD - Department [department] - references Department [cmndepartment] table
FIELD - Location [location] - references Location [cmn_location] table
FIELD - etc. etc.

Provisioning from Azure - in the cloud - is an awesome alternative to the previous configuration of having ServiceNow communicate with on-prem AD via LDAP/LDAPs/MID server/etc. because both Authentication and Provisioning can happen from the same source.

One limitation is the ability for Azure to create new values within tables that are referenced from the user table (such as Department and Location in the example above). The value has to already exist within ServiceNow for Azure to properly map it.

Given the following use case... it is tough to fully transition from on-prem configuration to a fully automated cloud configuration without the need for additional “swivel-chair” work.

Example:

I have and am mapping all of my users into ServiceNow from Azure, with the exception of service accounts, etc.

Those users are spread across 4 locations and 8 departments for example.

Departments:
Finance, IT, DevOps, HR, Facilities, Engineering, Sales, Marketing

Locations:
Baltimore, Philadelphia, D.C., Boston

If I know all of this information when initially setting up my ServiceNow environment, there isn't too much of an issue. I can create the 4 location records in the Location table and 8 records on the Department table. Then, I set up the provisioning integration with Azure and users will get assigned to those locations as long as the string value in physicalDeliveryOfficeName or city (whatever I have mapped to that attribute) something of the sort contains the same value as the record in my referencing table.

The situations where this becomes an issue, is for example... if I want to create 10 new Locations and 40 new departments for my users. Not only do I have to update users accounts in Azure to list them in the new locations, I also have to make sure to create every value (as it exists on the users’ record – no differences in spelling – example “D.C.” vs “DC”) within ServiceNow as well (within the corresponding tables)

So, when I add the location of "Chicago" I also need to make sure that the location table within ServiceNow contains a location called "Chicago" that we can reference. If not, that user will exist in ServiceNow with no location.

This isn’t so bad for the small example that I mentioned above, but when you apply this concept to a large enterprise with 100s of Locations and 100s of Departments changing regularly… it is really hard to manage user provisioning entirely from Azure into ServiceNow.

The (old “non-cloud”) alternate of have ServiceNow pull AD users via LDAP allows for the following concept when dealing with reference fields.
“The ‘department’ attribute is mapping to the Department table within ServiceNow”
Is a match found for this department (eg. “Maintenance”)?
Yes – associate that user to the “Maintenance” related record.
No – you can choose how you would like it to proceed
1. Create – meaning if I find a value that doesn’t exist yet while pulling in new users, create the record on the referencing table
2. Ignore – meaning if I find a value that doesn’t exist yet while pulling in users, don’t create the new record just skip over assigning the user’s department
3. Reject – meaning if I find a value that doesn’t exist yet while pulling in users, reject the users insert/update entirely… move on to the next object in the list of users

This is one disadvantage of pulling the “logic” of user provisioning out of ServiceNow and having it handled from with Azure

I think there is significant area for improvement of the Auto Provisioning functionality when dealing with referenced fields.

For example, the user table within ServiceNow looks similar to the sample snippet below:

TABLE - User [sys_user]

FIELD - Username [username] - string
FIELD - Name [name] - string
FIELD - Email [email] - string
FIELD - Department [department] - references Department [cmndepartment] table
FIELD - Location [location] - references Location [cmn_location] table
FIELD - etc. etc.

Provisioning from Azure - in the cloud - is an awesome alternative to the previous configuration of having ServiceNow communicate with on-prem…

15 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

Thanks for the feedback. We are looking into revamping our ServiceNow connector. Will update this thread as we make progress.

/Arvind
Integrate site mapping for Samanage App

I am provisioning users from AAD to Samanage and I am trying to map the AD attribute "physicalDeliveryOfficeName" to the Samanage "site" attribute. This mapping is currently not supported and I would find it useful.

13 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

2 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

Thanks for the feedback, we will review.
Azure AD - SaaS - SCIM provisioning of AD attribute thumbnailPhoto

Azure AD SCIM Provisioning should allow for the provisioning/mapping of the AD attribute thumbnailPhoto to SaaS applications. This value is already present within Azure.

11 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

6 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

need-feedback · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

What format would you like the pictures to be provisioned in (jpeg, PNG, GIF, etc.)?
Allow for additional user profile attributes to be updated to applications beyond user name, manager, active status and language.

Currently only able to update the following from Azure AD to Cornerstone On Demand App:

cornerStoneUser.Contact.Name.Last

cornerStoneUser.Contact.Name.First

cornerStoneUser.Active

cornerStoneUser.Organization.Manager

cornerStoneUser.Language

We would greatly benefit from being able to update the Department/Division attribute as well, as we have a moderate amount of movement between Departments within our organization.

7 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

Hi we are looking at how best to address this.

/Arvind
User provisioning: optimized

User/Group provisioning: optimize SCIM requests

Please optimize SCIM requests. We found that Azure (unlike other SCIM clients) makes requests as "small" as possible, thus making multiple requests in a short span of time. This is sub-optimal and uses up a lot of "bandwidth/resource" on our side.

For example:
1. provisioning a group with 5000 memberships. instead of creating a new group with 5000 members or making a single patch with 5000 members to add to, Azure AD SCIM makes 5000 individual PATCH requests.
2. provisioning a user. instead of making a single POST call with all the attributes as stated in the map, Azure AD would make 1 POST with just some attributes and then make 1 or 2 more subsequent PATCH requests to add additional attributes.

Why is AAD SCIM doing things so sub-optimally? Especially when SCIM has http code 429 support and SCIM rate limiting.

Please OPTIMIZE the requests on AAD side!!!

User/Group provisioning: optimize SCIM requests

Please optimize SCIM requests. We found that Azure (unlike other SCIM clients) makes requests as "small" as possible, thus making multiple requests in a short span of time. This is sub-optimal and uses up a lot of "bandwidth/resource" on our side.

For example:
1. provisioning a group with 5000 memberships. instead of creating a new group with 5000 members or making a single patch with 5000 members to add to, Azure AD SCIM makes 5000 individual PATCH requests.
2. provisioning a user. instead of making a single POST call with all the attributes as stated…

7 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

1 comment · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

Thanks for the feedback. We will review. Does your application support the /Bulk endpoint as well?
Make Azure Groups PATCH remove operation SCIM v2 compliant

The request body for Update Group [Remove Members] is not compliant with the SCIM v2 specification.
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups#update-group-remove-members

Azure is specifying the member value they want deleted in the "value" property. SCIM specification states that the member value that would be removed in the PATCH operation needs to be set in the "path" property, not "value". The "value" property should actually never be sent in a PATCH remove operation per specification.
https://tools.ietf.org/html/rfc7644#section-3.5.2.2

If a Service Provider that implemented SCIM per specification were to receive PATCH remove request from Azure as is documented above, that request would result in ALL users being removed from the group.

Azure should to be corrected to be SCIM compliant for this request type.

The request body for Update Group [Remove Members] is not compliant with the SCIM v2 specification.
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups#update-group-remove-members

Azure is specifying the member value they want deleted in the "value" property. SCIM specification states that the member value that would be removed in the PATCH operation needs to be set in the "path" property, not "value". The "value" property should actually never be sent in a PATCH remove operation per specification.
https://tools.ietf.org/html/rfc7644#section-3.5.2.2

If a Service Provider that implemented SCIM per specification were to receive PATCH remove request from Azure as is documented above, that request would result in ALL users being…

6 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

1 comment · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

Thank you for the feedback, we will review.

/Arvind
Allow Attribute Mapping to be Re-enabled without a Reset After Being Disabled for SCIM and ServiceNow, etc. User Provisioning Syncs

To reproduce this, set up a ServiceNow sync with an Enterprise Application by putting in admin credentials and disabled the Group attribute mapping and save. There is no way to re-enable this via the UI without resetting your attribute mappings to default, which causes you to lose your customization work to the user attribute mapping.

(I'm assuming this applies to other SCIM provisioning UI's as well beyond just the ServiceNow one.)

It should be easier to re-enable a group or user object type attribute mapping without losing your customization for the other when it's disabled.

4 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

1 comment · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

planned · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

This is a bug on our side and we will fix it. As a workaround you can use the Microsoft graph to enable the object again. You will need to update schema and set enabled = true and sourceName = “user” or “Group” based on which option you’re trying to bring back. Apologies for having to use the workaround. https://docs.microsoft.com/en-us/graph/api/synchronization-synchronizationschema-update?view=graph-rest-beta&tabs=http

/Arvind
Azure AD User provisioning service : Adding a Staging/Preview mode

Please add a Staging/Preview mode for the Azure AD User Provisioning Service.
It should be possible in an initial setup to test a new provisioning interface and receive a report on what will be changed in an end application. This gives the possibility and security that a new interface can be set up productively.
There is currently a risk that unwanted changes will be made.
As a suggestion; extension of the Scope field by
- Sync all users and groups (Preview only)
- Sync only assigned users and groups (Preview only)

4 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

1 comment · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

This is something we are starting to design this quarter
Make provision sync on demand

Make provision sync on demand for testing purpose.

User and group sync normally takes about 5~30 minutes. It is very inconvenient and inefficient for testing. Azure AD should allow on demand sync when it is testing phase and the total users are less than a numbers, for example 50.

4 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

started · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

The first version of this will be available soon. Please let us know if you would like to try it out.

/Arvind
Enterprise App provisioning needs more detailed Quarantine errors

I have a customer who sees a couple of their Enterprise applications are Quarantined due to high number of errors. For some reason they don't see the errors in the audit logs. When I researched the errors on the backend I found they had the following error code: DiceCredentialValidationFailure. Here is the most recent error message: Credentials passed are invalid for applicationId=

Once armed with that knowledge, I was able to work with the customer to create a new Admin credential for the application.

We would like to see that level of error reporting in the customer viewable audit logs so they can self remediate the issue.

I have a customer who sees a couple of their Enterprise applications are Quarantined due to high number of errors. For some reason they don't see the errors in the audit logs. When I researched the errors on the backend I found they had the following error code: DiceCredentialValidationFailure. Here is the most recent error message: Credentials passed are invalid for applicationId=

Once armed with that knowledge, I was able to work with the customer to create a new Admin credential for the application.

We would like to see that level of error reporting in the customer viewable audit logs…

3 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

planned · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

We plan to make the quarantine message more verbose. Thank you for the feedback.
Push Profile Photo and Manager via scim

It appears that user's profile photo and manager are currently not pushed by Azure AD when it does a SCIM sync. Add support for pushing those attributes.

3 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

1 comment · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

need-feedback · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

Hi we are currently designing this feature. What format does your application support for photos (Jpeg, PNG, GIF)?
Application Provisioning Attribute Mapping Configuration Backup for last 5 changes

During recent incident I came to know the Provisioning Configuration changes details does not get backed up. i.e. attribute changes which we make on attribute mapping. Only a text message get recorded the when changes are performed. It never record what changes were made. If Microsoft provide anyone functionality it will be helpful for all Azure customer.

Option 1) Provide backup for provisioning application schema for the last 5 configuration changes which can be access by Admin. It will help Admin to restore from the backup if incase of any failure while updating the Schema

Option 2) Currently Microsoft records the change with below text "Updated attribute mappings for [Application Name]. Provisioning will be restarted". If Microsoft also record the attribute mapping changes as well. It will be easy to restore if required.

During recent incident I came to know the Provisioning Configuration changes details does not get backed up. i.e. attribute changes which we make on attribute mapping. Only a text message get recorded the when changes are performed. It never record what changes were made. If Microsoft provide anyone functionality it will be helpful for all Azure customer.

Option 1) Provide backup for provisioning application schema for the last 5 configuration changes which can be access by Admin. It will help Admin to restore from the backup if incase of any failure while updating the Schema

Option 2) Currently Microsoft records…

2 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

Thanks for the feedback. We are looking to add more detail to our audit logs. This is good feedback.
Remove possibility for mapping to readonly ID attribute

According to RFC 7643 section 3.1 “The value of the "id" attribute is always issued by the service provider and MUST NOT be specified by the client.” But in fact azure portal allows mapping to “id” attribute which is violation of RFC.
RFC https://tools.ietf.org/html/rfc7644#section-3.12 specifies that service provider should respond with “Bad Request” to these invalid requests. There is even example of such response in the end of section 3.12.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

Thanks for the feedback. Will review with the team.
Need to be able dismiss errors from UI

I have a customer that is getting some errors which are not actionable showing up in their Reporting and in the main page for Provisioning. These errors do not impact the sync and they would like a way to mark them as handled or ignore so they can quit showing up in the UI and the reporting. This is similar to the request in https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/36173572-clean-up-old-sync-errors.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

need-feedback · 1 comment · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →
Allow Scope Filtering Based On Group Type

It would be very useful to allow for scope filtering of groups by Group Type. Currently, there's no easy way to filter out groups based on whether they're Office, Distribution, Security, etc.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

need-feedback · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

Could you please describe the scenario where the specific distribution type is needed as a scoping filter?
Azure AD User provisioning service : Support Contains Function in Attribut Flow Expression

Adding a new Expression for https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/functions-for-customizing-application-data called Contains(source[Multivalue], ValueRule).

This allowes multiple AppRoleAssignments and to set the correct Roles in the SaaS application.

As a reference SAP Concur with Roles like:
- Travel user
- Expense user

instead of
- Travel user
- Expense user
- Travel and Expense user

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

Thanks for the feedback, we will review
Azure AD User provisioning service : Allow accessing diagnostic logs

It should be possible to get diagnostic logs, like API calls from the Azure Portal in case of an exception, so that a troubleshooting is possible without contacting the MS support.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

1 comment · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

need-feedback · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

Could you please clarify what types of API calls / what scenarios you’ve needed this information?
Azure connector sync issues

We are trying to auto provision Salesforce users using Azure AD connector. We want certain attributes like ManagerId and Department to be in sync with AD always. So we had set that to "Always" in the set up. But our observation says that, when these values are changed in AD, it is updating to the new values in Salesforce. But if these values are changed in Salesforce, they are not getting overwritten with the values from AD in Salesforce. Which means, now they are out of sync.
Since we have set that to "Always", we expect these attributes to be in sync always
We are trying to auto provision Salesforce users using Azure AD connector. We want certain attributes like ManagerId and Department to be in sync with AD always. So we had set that to "Always" in the set up. But our observation says that, when these values are changed in AD, it is updating to the new values in Salesforce. But if these values are changed in Salesforce, they are not getting overwritten with the values from AD in Salesforce. Which means, now they are out of sync.
Since we have set that to "Always", we expect these attributes to be…

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Provisioning to Applications · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

Thanks for the input. The way the service works today we leverage the delta query API provided by AD graph to constantly check for changes and apply them to the target application. We are aware of changes in Azure AD and have a way of reflecting them in the target application. We don’t have a way today of getting changes directly from Salesforce but are looking at how we can make this possible.

Don't see your idea?

Azure Active Directory

How can we improve Azure Active Directory?

SCIM defects

serviceNow

TABLE - User [sys_user]

TABLE - User [sys_user]

Integrate site mapping for Samanage App

Azure AD - SaaS - SCIM provisioning of AD attribute thumbnailPhoto

Allow for additional user profile attributes to be updated to applications beyond user name, manager, active status and language.

User provisioning: optimized

Make Azure Groups PATCH remove operation SCIM v2 compliant

Allow Attribute Mapping to be Re-enabled without a Reset After Being Disabled for SCIM and ServiceNow, etc. User Provisioning Syncs

Azure AD User provisioning service : Adding a Staging/Preview mode

Make provision sync on demand

Enterprise App provisioning needs more detailed Quarantine errors

Push Profile Photo and Manager via scim

Application Provisioning Attribute Mapping Configuration Backup for last 5 changes

Remove possibility for mapping to readonly ID attribute

Need to be able dismiss errors from UI

Allow Scope Filtering Based On Group Type

Azure AD User provisioning service : Support Contains Function in Attribut Flow Expression

Azure AD User provisioning service : Allow accessing diagnostic logs

Azure connector sync issues

Feedback