Q: How often will Azure AD update with the Platform?
A: Updates to add users or modify groups in Azure AD will be replicated to the Platform with at most 40 minutes since the modification to the Azure Group.
Q: What happens when a user is removed or deleted from Azure AD?
A: A user is disabled in the Platform for up to 30 days after the user is removed/disabled, after 30 days the user is permanently deleted from the Platform. For more information see Azure's documentation on de-provisioning
Q: Does a removed or deleted user count toward a license for the 30 days before it is removed?
A: No, disabled users do not count to the license assignment limits
Q: How do I log in once the user has been provisioned?
A: SCIM is designed to be used along side SAML. As long as the nameid's match the username, you should be able to log in using SAML.
Q: What if a user already exists in the Platform?
A: SCIM uses a directory system to ensure separation of users and groups. If a user exists in the platform, it will not attempt to create the user. If the user doesn't exist in the platform, the user will be created in the SCIM directory.
Q: What if groups already exist in the Platform?
A: SCIM uses a directory system to ensure separation of users and groups. Group names only need to be unique per user directory so all groups will be created. Only users in the SCIM directory will be added to SCIM groups.
Q: If our company is managed by another directory sync system, how will that work with SCIM?
A: We support the migration of LDAP user synchronization to SCIM user synchronization. We do not currently support migrating local users to SCIM users at this time.
Q: Can I immediately provision users and groups to the Platform without the 40 minute delay?
A: It is possible to immediately provision the user through Azure's provision-on-demand feature. Azure does not currently support groups in this feature.
Q: How long does it take for my users and groups to initially sync up with the platform?
A: The initial synchronization with the iGrafx Platform can take anywhere from 30 minutes up to about 2 days. Refer to the following chart to get a better estimate: How long will it take to provision users?
Q: Are nested groups supported?
A: No. While the iGrafx Platform supports nested groups, according to Azure's provisioning documentation: "The Azure AD user provisioning service can't read or provision users in nested groups."
Q: Do you support other SCIM compliant Identity Providers (IDPs)?
A: While other IDPs support the SCIM standard, we do not actively support them.
Q: Do you support multiple SCIM compliant Identity Providers (IDPs) in one iGrafx Platform?
A: While the Platform is able to have users and groups provisioned through multiple directories, it can only authenticate with one SAML IDP.