MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Azure Groups PATCH remove operation not SCIM v2 compliant #30826

Closed brandonmmurphy closed 5 years ago

brandonmmurphy commented 5 years ago

The request body for Update Group [Remove Members] is not compliant with the SCIM v2 specification. https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups#update-group-remove-members

Azure is specifying the member value they want deleted in the "value" property. The SCIM specification states that the member value that would be removed in the PATCH operation needs to be set in the "path" property, not "value". The "value" property should actually never be sent in a PATCH remove operation per the specification. https://tools.ietf.org/html/rfc7644#section-3.5.2.2

If a Service Provider that implemented SCIM per the specification were to receive a PATCH remove request from Azure as documented above, that request would result in ALL users being removed from the group.

Azure should be corrected to be SCIM compliant for this request type.


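The difference described in the report above, as an added example that is not part of the original issue and is not Azure's or any SCIM library's code. The function name, the `accept_value_list` switch and the member ids are hypothetical; the value-style operation is constructed from the report's description (member id carried in "value", bare "members" path).

```python
import re

# RFC 7644 section 3.5.2.2 filtered form: members[value eq "<id>"]
_FILTERED = re.compile(r'^members\[value eq "([^"]+)"\]$')

def apply_remove(members, op, accept_value_list=False):
    """Return the member ids left after one PATCH remove operation.

    members: member id strings currently in the group.
    op: one entry of the PatchOp "Operations" array.
    accept_value_list: hypothetical compatibility switch; when True, a
        bare "members" path plus a "value" list removes only listed ids.
    """
    if op.get("op", "").lower() != "remove":
        raise ValueError("not a remove operation")
    path = op.get("path")
    if not path:
        # RFC 7644: a remove without a path fails with scimType noTarget.
        raise ValueError("noTarget")
    match = _FILTERED.match(path)
    if match:
        return [m for m in members if m != match.group(1)]
    if path != "members":
        raise ValueError("unsupported path: " + path)
    listed = op.get("value")
    if accept_value_list and isinstance(listed, list):
        drop = {v.get("value") for v in listed if isinstance(v, dict)}
        return [m for m in members if m not in drop]
    # No filter on a multi-valued attribute: every value is removed.
    return []

# Constructed sample data (not taken from the issue or the Azure docs).
GROUP = ["user-a", "user-b", "user-c"]
RFC_STYLE = {"op": "remove", "path": 'members[value eq "user-b"]'}
VALUE_STYLE = {"op": "remove", "path": "members",
               "value": [{"value": "user-b"}]}

def demo():
    """Run both request shapes through strict and tolerant handling."""
    return {
        "rfc_strict": apply_remove(GROUP, RFC_STYLE),
        "value_strict": apply_remove(GROUP, VALUE_STYLE),
        "value_tolerant": apply_remove(GROUP, VALUE_STYLE, True),
    }

if __name__ == "__main__":
    for name, left in demo().items():
        print(name, left)
```

A provider that logs or alerts whenever a bare "members" remove arrives with a "value" list can catch the mismatch before a group is emptied.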

shashishailaj commented 5 years ago

@brandonmmurphy Thank you for your feedback. We will review this and have this updated as needed.

brandonmmurphy commented 5 years ago

@shashishailaj The documentation correctly describes how Azure is working today. This is actually an issue with the Azure platform, not the docs.

Is there a different process for reporting issues with the Azure product?

shashishailaj commented 5 years ago

@brandonmmurphy Thank you for the clarification. Yes, for reporting issues with the product you can provide us feedback through the UserVoice website https://feedback.azure.com/forums/169401-azure-active-directory. There are threads on SCIM defects which you may find. I agree that the Azure AD SCIM implementation is not completely as per SCIM v2 specifications.

Please use https://feedback.azure.com/forums/169401-azure-active-directory to report any platform issues for Azure AD.

We will close this issue now as there are no further actions pending on this request. We appreciate you taking the time to report this; however, this will need to be reviewed by Product engineering to make any changes to the platform. I would suggest reporting it on the UserVoice forums. It is directly managed by engineering.

Thank you.