SCIM not provided the user group

Hello Team,
we configured the authentication over SCIM but we are facing one critical issue if AD team disable the user account and after few min. he is enable the user account we facing user account not show any group and user are not able to access ZIA and ZPA service.
Below the snap for ref.

Hi @viveksharma, this looks like it would be best addressed by a support case as it’s likely backend diagnostics will be needed. Do you have a ticket open?

which IDP you are using ?
Check if the sync between your AD and IDP is properly happening.
Verify if Auto provisioning is enabled on portal. If yes disable it.

HI Ramesh,
we are using two authentication for ZIA ADFS and for ZPA Azsure

Hi Vivek,
ADFS won’t support SCIM.
Please verify the claim rules in ADFS.

Hi Ramesh,
can you please suggest how can i will check.


  1. Edit the relying party configured for Zscaler,
  2. Edit Claim Rules
  3. Verify these details mapped with idp SAML auto provisioning in portal.

Also verify the smal response from any user machine using header trace/fiddler