- SCIM with Entra ID
- SSO and SAML groups previously working
- Groups are showing up but getting user errors, only some users are showing up in groups.
- The existing users are the ones not mapping
- Group names are the same in Entra and in SonarQube
- Error:
-
Provision urn:ietf:params:scim:schemas:extension:enterprise:2.0:User in customappsso
-
Description Failed to create User ‘*******@company.org’ in customappsso
-
We’ve been using SSO with SonarQube Cloud since we setup or Enterprise and org in Sept 2025. I’m adding SCIM, no changes to SSO, and it revalidated successfully after SCIM setup. I’ve followed all the instructions, including the additional flag for Entra ID, and everything is green and syncing, but we’re getting provisioning errors in Entra that it can’t create the users. Below are the attribute mappings for SSO and SCIM. Both have userName = userPrincipalName as the match key, but the attribute mapping for the name setup appears to be backwards. For new users (added with SCIM) the userPrincipalName is showing up in the ID and the display name is the “name” of the member, but the ones that existed (from SAML) are the opposite way.
SCIM- Name: userPrincipalName, ID: display_name (Example- John Smith, smithj@mycompany.org-ABCd@saml-{UUID})
SAML/SSO - Name: displayName, ID: userPrincipalName (Example- SmithJ, John.Smith@mycompany.org-ABCd@saml-{UUID})
How do I get the provisioning to properly pull members into the groups? Do I need to somehow fix the name attribute mapping first?
SSO:
SCIM:
