'Azure SCIM provisioning of only AD groups
In a youtube movie about Azure AD integration i saw the SCIM provisioning screen come by. On this screen its possible to set the mappings and to enable/disable Azure AD Users or Azure AD groups synchronizing. Now does this mean that it is possible to only provision AD Azure groups and not AD users and still be able to provide SSO? We would like have group management (putting users in groups) in Azure and provision those AD groups as roles in SF, so we can set privileges on these roles. Is that an option? Or do we always need to sync Azure AD users as SF users too?
Kick
Solution 1:[1]
In order for AAD provisioning to manage the members of a group, it must manage the members. That means that you must have AAD provisioning of users also enabled, and any users that will be assigned to any of the managed groups also assigned/in scope for provisioning.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Zollnerd |