This article applies to:
- Product edition: inSync Cloud
You may come across an issue where the user creation from IdP to inSync fails with API Response “None of the SCIM Mapping matched to create user”
User creation in inSync using an IdP fails with the following API response:
None of the SCIM Mapping matched to create user.
This solution is applicable only when you use SCIM for user management and not Active Directory.
This issue occurs when:
- The SCIM mapping contains an incorrect attribute name or value.
- The following two mandatory parameters are not sent by the IdP to inSync:
Follow any of the following solutions based on the cause of the error.
For SCIM mapping containing incorrect attribute name or value
- Login to the inSync Management Console and go to Manage > Deployments > Users.
- Create a new SCIM Mappikng.
- Verify the Attribute Name and Value(s) in Filter by SCIM Atribute section.
- Verify that the correct Attribute name and value is added here
- Verify that the Attribute Name is being sent from the IdP for each user along with other attributes.
For example, if you add department in Attribute Name and Finance in Value(s) in the filter, department attribute has to be mapped with the user in IdP and SCIM app as well.
- Verify the filter value for user in IdP.
For example, in the above scenario, user needs to have the value Finance in department attribute
- Attribute name and value are case sensitive in SCIM Mapping. Make sure that the attribute name and value in IdP matches the case in the filter for SCIM Mapping.
- Once all the above points are verified, retry the SCIM API from IdP.
Druva recommends to create a SCIM Mapping without any filter (to allow any user to be created) and keep this mapping in the end of the priority list. This is to ensure that the user is always imported even if all the above SCIM Mapping filters fail.
If the mandatory parameters displayName and userName are not sent by the IdP to inSync
- Login to the IdP admin console using IdP admin credentials
- Review the SCIM application for inSync and confirm whether displayName and userName are mapped and sent correctly to inSync.
- Review the concerned user’s profile and confirm that the user has a valid value for the two attributes.