Group Sync via Azure OIDC SCIM Connection

Question

Hello! I have recently been tasked with migrating off of the onprem python job of syncing users from active directory to the adobe identity management tool. When reveiewing all of the documentation for SCIM provisioning for Adobe, there is no documentation about group management via SCIM. When trying to test user sync between Azure and Adobe, I noticed that the user account will get recreated and no groups will be added to the user, so all products and groups information gets deleted. Are there detailed instructions somewhere on how to adjust the SCIM user and or group mappings to send this group and product zone to adobe so that information is synced correctly? Or are there ways to manually map the group name to what currently exists in Adobe as they are different and synced via this python job?

Ashish_Harrison · Accepted Answer

Hi @Ben298571795akb you need to turn off UST/UMAPI and switch to Azure SCIM. If you find this answer incorrect could you please provide the information you found?Thanks!

Ashish_Harrison · Answer

Hi @Ben298571795akb you can sync user groups and nested groups from Azure to Adobe Admin Console; you need a Premium (P1 or P2) or Microsoft 365 (E3 or A3) subscription.

As Azure takes time, I recommend you try with 1 user group for testing.

Synced user group names cannot be changed as Azure manages them.

For more, you can refer to the help documents:

https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/adobe-identity-management-provisioning-tutorial#step-5-configure-automatic-user-provisioning-to-adobe-identity-management

https://helpx.adobe.com/in/enterprise/using/add-azure-sync.ug.html#notes-before-sync

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded