Why are custom attributes not included in SCIM user provisioning?

Question

Why are custom attributes not included in SCIM user provisioning?

Mattias Amilon 0

We have set up user provisioning via SCIM on Entra ID.

We have some custom attributes included in the mapping, this was working well up until about three weeks ago (before the Christmas holidays 2024).

But now the attributes are not included in the initial POST request when adding a new user to the application, neither does any subsequent PATCH request follow automatically with the custom attributes.

If we restart the provisioning however, then a PATCH request is sent for all users containing the custom attributes.

The custom attributes are called:

urn:ietf:params:scim:schemas:extension:skovikcustomfields:2.0:User:custom_field1:key
urn:ietf:params:scim:schemas:extension:skovikcustomfields:2.0:User:custom_field1:value

Screenshot 2025-01-17 at 10.33.56

Would greatly appreciate any feedback.

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Akhilesh Vallamkonda 15,340 Reputation points Moderator

2025-01-20T22:18:35.4433333+00:00

Hi @Mattias Amilon
May I know is there is any recent changes to the application or the provisioning configuration? Could Review the provisioning logs in Entra ID to see if there are any errors or warnings related to the custom attributes. This can provide insights into why the attributes are not being included in the initial POST request.
Is attribute Mapping section under the properties for your myExtension1_extensionAttribute value make sure the "Apply this mapping" is "Always"
Mattias Amilon 0 Reputation points

2025-01-21T08:37:14.3433333+00:00

Hi! Thank you for your comment.

No there has been no recent changes to the application or provisioning config on our end.

Of course I have reviewed the logs, both on entra and on our end, and there is no error or warning to indicate some misconfiguration, the values are just missing.

The "Apply this mapping" is, and has always been, set to "Always".
Akhilesh Vallamkonda 15,340 Reputation points Moderator

2025-01-28T18:20:47.12+00:00

Hi @Mattias Amilon
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

1 answer

Your answer

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Akhilesh Vallamkonda 15,340 Reputation points Moderator

2025-01-20T22:18:35.4433333+00:00

Hi @Mattias Amilon
May I know is there is any recent changes to the application or the provisioning configuration? Could Review the provisioning logs in Entra ID to see if there are any errors or warnings related to the custom attributes. This can provide insights into why the attributes are not being included in the initial POST request.
Is attribute Mapping section under the properties for your myExtension1_extensionAttribute value make sure the "Apply this mapping" is "Always"
Mattias Amilon 0 Reputation points

2025-01-21T08:37:14.3433333+00:00

Hi! Thank you for your comment.

No there has been no recent changes to the application or provisioning config on our end.

Of course I have reviewed the logs, both on entra and on our end, and there is no error or warning to indicate some misconfiguration, the values are just missing.

The "Apply this mapping" is, and has always been, set to "Always".
Akhilesh Vallamkonda 15,340 Reputation points Moderator

2025-01-28T18:20:47.12+00:00

Hi @Mattias Amilon
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Answer 1

Hi @Mattias Amilon
May I know is this issue happened again recently? and would like to know why you have used " : " in custom attribute.
According to the SCIM RFC 7643 and RFC 7644, the URN format for custom attributes should follow the pattern urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:CustomAttributeIf the custom attribute is not being provisioned this may be due to the FlowBehavior is not being set correctly to fix this follow the below steps.

In the Entra Admin Center Portal navigate to Enterprise Application Blade, Select your application in the list.
From the left menu select "Provisioning"
Click on “Edit attribute mappings”
Click on “Mappings”
Click on the corresponding Name (Provision Users)
This will “open up” the advanced options. Click on the link for “Review your schema here.
This will take you to the Schema Editor Blade, you may perform keyboard shortcut cntrl+F and search for FlowWhenChanged (or the target attribute name)
This will take you to the Schema Editor Blade, you may perform keyboard shortcut cntrl+F and search for FlowWhenChanged (or the target attribute name)
Find the Attribute you need to change the flowBehavior. Once found, change the FlowWhenChanged to FlowAlways Before:
After: Click “Save”
Use provisioning on demand to test the attribute flow, monitor incremental sync cycles to make sure the attributes are being sent as required.

Hope this helps. Do let us know if you any further queries by responding in the comments section.

Thanks,

Akhilesh V.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Akhilesh Vallamkonda 15,340 Reputation points Moderator

2025-01-29T18:53:08.8066667+00:00

Hi @Mattias Amilon
Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Akhilesh Vallamkonda 15,340 Reputation points Moderator

2025-01-30T20:42:00.0633333+00:00

Hi @Mattias Amilon
Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Share via

Why are custom attributes not included in SCIM user provisioning?

1 answer

Your answer