We recently migrated our SAML configuration from ADFS Provisioning (on-prem) to SCIM Provisioning (Azure AD). Within ADFS, we have a claim rule bringing in groups with a wildcard (ie: “group.+” ). Within Azure AD, we are syncing only 3 groups.
I have noticed within the User Management section of the portal, there are many users still part of multiple groups that sync’d via ADFS. I would presume with SCIM it would strip out all the old group memberships and sync only the 3 referenced in Azure AD?
Just trying to understand the reason for this behavior and if other changes should be made.