Azure Active Directory SCIM:组的取消配置成员无法正常工作 [英] Azure Active Directory SCIM: Deprovision member of a group not working

问题描述

使用Azure AD Premium，Enterprise App&SCIM 2.0供应范围-仅分配了用户&组

Using Azure AD Premium, Enterprise App & SCIM 2.0 Provisioning Scope - Only assigned Users & Groups

我正在尝试下面的用例:

I'm trying to work through the use case below:

分配给给定广告组的用户的SCIM设置

SCIM provisioning of users that are assigned to a given AD Group

• 将用户添加(设置)到组中后，它会正确触发PATCH/Groups/{Id}以添加该组成员
• 从组中删除(取消配置)用户后，不会正确触发PATCH/Groups/{Id}来删除该组成员

• When a user is added (provisioned) to a group it correctly fires off a PATCH /Groups/{Id} to add member of the group
• When a user is removed (deprovisioned) from the group it does not correctly fires a PATCH /Groups/{Id} to remove member of the group

我在做什么错了?

此外，我不知道执行哪个调用Azure活动目录来了解谁当前是给定组的成员.(我注意到，AAD对我的SCIM/组服务实现的每次调用都将 excludedAttributes = members 作为查询参数)

In addition, I wonder which call azure active directory executes to get to know who is currently member of a given group. (I've noticed that every call AAD makes to my SCIM/group service implementation has the excludedAttributes=members as query parameter)

任何建议表示赞赏.

推荐答案

从我的看到，Azure SCIM将此请求发送到组终结点:

From what I saw, Azure SCIM sends this request to groups endpoint:

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "Remove",
            "path": "members",
            "value": [
                {
                    "value": "49a5f81e-9f63-4f5e-b3e8-41db044c1af9"
                }
            ]
        }
    ]
}

在开发过程中，我使用ngrok来查看来自Azure SCIM集成的分析请求.

I use ngrok during the development to see an analyse requests from Azure SCIM integration.

这篇关于Azure Active Directory SCIM:组的取消配置成员无法正常工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！