Problem description
User accounts were provisioned on the inSync admin console via the SCIM app configured on the Azure side. How do you prevent the SCIM app from preserving these user accounts on the inSync admin console?
Cause
User accounts imported into inSync via SCIM are automatically preserved in the following scenarios:
The user account has been deleted from the Azure side.
The user account has been disabled from the Azure side.
The user account has been unassigned from the SCIM app (removed from the scope of the SCIM app).
Resolution
Go to the inSync SCIM app configured under Enterprise applications in Azure.
Click “Provisioning”.
Click “Edit provisioning”.
Under Mappings, click the blue hyperlink text “Provision Azure Active Directory users”.
Under Attribute mapping, click the Not([IsSoftDeleted]) Azure Active Directory attribute.
The Not([IsSoftDeleted]) attribute is responsible for triggering the API call that disables user accounts on the inSync admin console when they are disabled, deleted or unassigned on the Azure side.
📝 Note
Before making the change that stops the SCIM app from preserving user accounts on the inSync admin console, take a screenshot of the current settings shown in the “Edit Attribute” view that opens on the right side of the page. If you later want to re-enable automatic preserving of user accounts, you can reconfigure this attribute from the screenshot.
Under the Edit Attribute settings for Not([IsSoftDeleted]), change the following:
Change Mapping type to None from the drop-down box. Once done, the Edit Attribute view reflects the change.
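A text record of the mapping can be kept alongside the screenshot recommended in the note above. The following is an added example, not Druva's or Microsoft's code: it reads a provisioning schema and records the settings of the Not([IsSoftDeleted]) mapping so they can be restored later. It assumes the schema was exported as JSON in the Microsoft Graph synchronization schema layout; the sample schema and all of its values are constructed.

```python
import json

# Constructed sample (assumption: Microsoft Graph synchronizationSchema layout).
SAMPLE_SCHEMA = {
    "synchronizationRules": [{
        "objectMappings": [{
            "name": "Provision Azure Active Directory users",
            "attributeMappings": [
                {"source": {"expression": "[userPrincipalName]"},
                 "targetAttributeName": "userName",
                 "flowType": "Always", "matchingPriority": 1},
                {"source": {"expression": "Not([IsSoftDeleted])"},
                 "targetAttributeName": "active",
                 "flowType": "Always", "flowBehavior": "FlowWhenChanged",
                 "defaultValue": None, "matchingPriority": 0},
            ],
        }],
    }],
}

TARGET_EXPRESSION = "Not([IsSoftDeleted])"


def find_mappings(schema, expression=TARGET_EXPRESSION):
    """Return one record per attribute mapping whose source expression matches."""
    found = []
    for rule in schema.get("synchronizationRules", []):
        for obj in rule.get("objectMappings", []):
            for attr in obj.get("attributeMappings", []):
                source = attr.get("source") or {}
                # Ignore whitespace so "Not( [IsSoftDeleted] )" also matches.
                if "".join((source.get("expression") or "").split()) == expression:
                    found.append({
                        "object_mapping": obj.get("name"),
                        "expression": source.get("expression"),
                        "target_attribute": attr.get("targetAttributeName"),
                        "flow_type": attr.get("flowType"),
                        "flow_behavior": attr.get("flowBehavior"),
                        "default_value": attr.get("defaultValue"),
                        "matching_priority": attr.get("matchingPriority"),
                    })
    return found


if __name__ == "__main__":
    # Keep this output with the change record before setting Mapping type to None.
    print(json.dumps(find_mappings(SAMPLE_SCHEMA), indent=2))
```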