Share via

1. Accounts are Active in target application 2. same accounts are disabled in Entra ID, Now we would like to disable accounts in target application also via Entra ID SCIM provisioning Is it possible?

Rasimani, Siddaramaiah (Atos) 0 Reputation points
2025-10-10T17:12:54.9766667+00:00

We would like to disable accounts in Target application via Entra ID SCIM provisioning which are already in disabled in Entra ID, when we add disabled accounts in scope and do provision on demand it is giving below error

The User '******@xyz.com' will be skipped due to the following reasons: 1) This object is not active in the source system.

Is there anyway we can force Entra ID SCIM engine to read already disabled users and patch account status active to false in target system?

Azure App Configuration
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. hossein jalilian 13,120 Reputation points Volunteer Moderator
    2025-10-10T17:41:02.2933333+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    Entra ID SCIM provisioning doesn’t update or send disabled users to target apps, it only processes active ones. Disabled users are skipped entirely, so SCIM won’t patch their active:false status unless they were previously active and later disabled.

    To work around this, you can temporarily re-enable the user, let SCIM sync them, then disable them again, this triggers the proper deactivation patch. Otherwise, you’ll need to manually disable those accounts in the target app.

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.