If the user account was provisioned on inSync admin via SCIM app configured on the Azure side.How to prevent the SCIM app from preserving the user account on the inSync admin console.
Automatic preserving of user accounts on the inSync side imported via SCIM happens in the following scenario.
- If the user account has been deleted from the Azure side,
- If the user account has been disabled from the Azure side.
- If the user account has been unassigned from the SCIM app (removed within the scope of SCIM app)
- Go to the inSync SCIM app configured under Enterprise applications on the Azure
- Click on the “Provisioning”
- Click on “Edit provisioning”
- Here Under the Mappings click on the blue hyperlink text “Provision Azure Active Directory users”
- Here under the Attribute mapping click on Not([IsSoftDeleted]) Azure Active Directory Attribute
- Here Not([IsSoftDeleted]) attribute is responsible for triggering the API call to disable the user accounts on insync admin if disabled, deleted or unassigned from the Azure side.
Note : Before altering the changes to stop SCIM app from preserving the user accounts on the inSync admin console. Make sure to take a screenshot of the current settings seen under the “Edit Attribute view opened on the right side of the page. So that in future if you want to enable automatic preserving of user accounts you can reconfigure this attribute value looking at the screenshot.
Under Edit Attribute settings for Not([IsSoftDeleted]), change the following
- Change Mapping type to None from the drop down box.Once done you will see the edit attribute as below