ADFS to SCIM Provisioning

We recently migrated our SAML configuration from ADFS Provisioning (on-prem) to SCIM Provisioning (Azure AD). Within ADFS, we have a claim rule bringing in groups with a wildcard (i.e., “group.+”). Within Azure AD, we are syncing only 3 groups.

I have noticed within the User Management section of the portal, there are many users still part of multiple groups that sync’d via ADFS. I would presume with SCIM it would strip out all the old group memberships and sync only the 3 referenced in Azure AD?

Just trying to understand the reason for this behavior and if other changes should be made.

I think what you need to do is apply Scoping filters in your SCIM configuration to only sync the relevant groups.


I’m working with support, and the backend team has mentioned there is a bug. A patch has been applied to test cloud and I’m told it will be applied to production cloud by the end of this week.
