Question

Azure AD SCIM new user create error

  • 21 December 2021

So I am testing out the SCIM app in the freshworks app list for Azure Active Directory Provisioning (SCIM) developed by “Effy” roughly 3 months ago. 

I have everything implemented and it seems to be working as far as updating users and everything. But anytime the provisioning needs to create a user in FreshService - it errors out creating on Azure side and the error is, umm, very vague.

I have checked all the attributes and everything seems to be correct. But this is the only error it really gives me - see below screenshot for attributes it’s passing and error below that.
 


 

Failed to create User 'testuser@testing.com' in customappsso

 

Error code

SystemForCrossDomainIdentityManagementServerError

Error message

StatusCode: InternalServerError Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"Oops! Some error occurred"}


7 replies

Hi, I’ve just set mine up, and it works to create users in scope.  I did see on the Provisioning tab in Azure AD, if you edit the attribute mappings, and open the scope settings
 

It has these Object Actions
 


Do you have all of those ticked?

Rob.


Yessir! They are all ticked. It created the test group I applied to it, with users in it, into FreshService. But it would not create a new user, which was odd.
Can you show me what attributes you have selected?


@RobS 

I managed to remove the mapping for the address to push over to freshservice and that did the trick. Apparently FreshService doesn’t like that so it was erroring out. All is good now!

Good to hear!  I just used all the default mappings.  I didn’t change anything.  I only applied our IT group to Users and Groups, and selected ‘Sync only assigned users and groups’.  SCIM provisioning is a very useful feature!


Hi @Schwiftyyy, I’m having the same issue as you described here, except the error I receive when performing a Provision on Demand is the following:

Error code

SystemForCrossDomainIdentityManagementServiceIncompatible

Error message

StatusCode: BadRequest Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":[{"field":"employee_id","message":"It should be of type Integer","code":"missing_field"}]}

 

As you can see it’s referencing a field of “employee_id”.  Now I originally added this custom attribute as the FreshService app indicates to do so on the settings tab (see below.)  This is fine because we use this attribute in AAD and FreshService. 

But I’ve since removed this custom attribute and mapping to better troubleshoot what’s causing this issue, removing it by clicking the “Restore default mappings” in the mappings section of the app in AAD, then I confirmed it’s been removed.  

I’m wondering what other information you were able to reference that led you to figure out it was the mapping for the address that was causing your issue? Other than the error message above, there really isn’t any other information in the logs to discern what’s causing this issue.

 

Thanks,

MLB


I’ve now deleted the FreshService Provisioning app from my AAD tenant and reinstalled it, following the online instructions exactly, not making any configuration changes.

I add one user to the “Users and Groups” permissions to use the FreshService Provisioning app.

I manually try and provision this test user and I am still receiving the same error referencing the “employee_id”.

 

Export details

 

Failed to create User 'ittest@trilliumstaffing.com' in Freshservice


Error code

SystemForCrossDomainIdentityManagementServiceIncompatible

Error message

StatusCode: BadRequest Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":[{"field":"employee_id","message":"It should be of type Integer","code":"missing_field"}]}

 

Now from what I can discern from the above error, I need to add the custom attribute “employee_id” to the FreshService attributes within the FreshService Provisioning app, then map the appropriate Azure AD attribute (employeeID) to this new FreshService attribute (employee_id).  But there are no instructions on the details of this process.  I know where to make all these changes, but I don’t know the correct format and values the attributes need.  Does anyone have any guidance on this?

 

-MLB


Did you try removing the employee_id attribute from the azure side? Is there any particular reason you need to pass that attribute at all, unless I assume it’s for some reporting or how you track everything?

I see in your screenshot that it does specify it and doesn’t look like you can change it, which seems weird because I never had that when I set mine up. 

I left everything default and just removed the address attributes from the azure claims and everything started working because on Freshservice side, we don’t have those fields in there. 
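An added example, not part of any post in this thread: a small Python helper that pulls the SCIM error body out of the "Error message" text quoted above and lists which target attribute, if any, the endpoint rejected. The function names are hypothetical and the two sample strings are constructed from the messages in the thread, with the middle sentence abridged.

```python
import json
import re

# Constructed inputs: the two "Error message" strings quoted in the thread (abridged).
PREFIX = ("StatusCode: {} Message: Processing of the HTTP request resulted in "
          "an exception. Web Response: ")
MSG_500 = PREFIX.format("InternalServerError") + (
    '{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],'
    '"detail":"Oops! Some error occurred"}')
MSG_400 = PREFIX.format("BadRequest") + (
    '{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":'
    '[{"field":"employee_id","message":"It should be of type Integer",'
    '"code":"missing_field"}]}')


def parse_provisioning_error(message):
    """Split a provisioning error message into status and per-field errors."""
    status = re.search(r"StatusCode:\s*(\w+)", message)
    result = {"status": status.group(1) if status else None, "errors": []}
    marker = message.find("Web Response:")
    start = message.find("{", marker) if marker != -1 else -1
    if start == -1:
        return result
    try:
        # raw_decode tolerates any text that follows the JSON object.
        body, _ = json.JSONDecoder().raw_decode(message[start:])
    except json.JSONDecodeError:
        return result
    detail = body.get("detail")
    # RFC 7644 defines "detail" as a string; the 400 response in the thread
    # carries a list of per-field objects instead, so both shapes are accepted.
    if isinstance(detail, str):
        result["errors"].append({"field": None, "message": detail})
    elif isinstance(detail, list):
        for item in detail:
            if isinstance(item, dict):
                result["errors"].append(
                    {"field": item.get("field"), "message": item.get("message")})
    return result


def rejected_fields(message):
    """Target-side attribute names the SCIM endpoint rejected, if it named any."""
    errors = parse_provisioning_error(message)["errors"]
    return [e["field"] for e in errors if e["field"]]


if __name__ == "__main__":
    for msg in (MSG_500, MSG_400):
        print(parse_provisioning_error(msg), rejected_fields(msg))
```

For the 500 response the field list is empty because the body names no attribute, so the offending mapping can only be found by changing mappings and retrying, as described in the thread.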
