Requirement for user synchronization via SCIM Provisioning/App Provisioning

Even when SCIM provisioning is correctly configured and running, individual users may fail to provision if one or more required attributes are missing or incorrectly populated on the user in Microsoft Entra ID. Each required attribute plays a specific role in user identification, display, authentication, or access control. 

Required datapoints

When integrating AskCody with Microsoft Entra ID using SCIM-based automatic user management, the following Entra ID attributes are required for each user:

• ObjectId (Automatically generated in Entra ID)
• Mail (User's work e-mail)
• userPrincipalName
• givenName (First name)
• surname (Surname)
• accountEnabled: True

Why these datapoints are required

ObjectId: This is a unique identifier automatically generated for each user in Entra ID. It ensures that each user is uniquely and consistently identified across both systems, preventing duplication or mismatches. 

Mail: The user's work email address is essential for communication, notifications, and as a secondary unique identifier. It also helps match users who may have been manually created in AskCody before synchronization.

givenName: The user's first name is required for proper display and personalization within AskCody.

surname: The user's last name is also needed for display, identification, and personalization.

accountEnabled: This attribute indicates whether the user's account is active. It allows AskCody to reflect changes in user status (enabled/disabled) from Entra ID, ensuring only active users have access.

Summary Table

If a user cannot access AskCody the reason might be found in the Provisioning log available in Entra ID.

If a user has all required datapoints and is synchronized into AskCody issues with access might be due to changes in access or login. Troubleshooting for this: Why Can't I log in?