Share via

Successfactors to active directory user provisioning

france indo 0 Reputation points
2025-01-15T13:12:44.5166667+00:00

I have an issue with the integration Successfactors to active directory user provisioning.

The attribute personalIdExternal is mapped with employeeId and set to match AD objects using this attribute. However, even I clear the employeeId attribute, the provisioning still updates the AD user.. how the mapping could be done without employeeId (cleared)? It means that entra app could identify the target user without the matching attribute but which attribute was used to?

Here is an example of the issue :

  • AD user 1 > Jane SMITH
  • AD user 2 > John DOE

In SuccessFactors : Jane SMITH doesn't exist only John DOE exists.

In AD (on-prem) : both accounts have been manually created. I am trying to match John DOE (SuccessFactors) to John DOE (AD), I set employeeId same with his personalIdExternal but when I provision on demand, Jane SMITH is updated in AD (with John DOE's data) and not John DOE.

If I delete Jane SMITH's AD account it ll fix the issue but I can delete it because its an active user with mailbox...

I confirm :

  • I didn't set another matching attribute & the change has been replicated to all DCs.
  • I tried with scoping filtrer, it excludes Jane SMITH but John DOE is not updated.
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,821 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,993 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Janaki Kota 305 Reputation points Microsoft Vendor
    2025-01-16T18:19:02.2266667+00:00

    Hello @france indo,

    Thank you for reaching out Microsoft Q&A.

    We understand that you are having issues with the integration SuccessFactors to active directory user provisioning, even after removing the employeeId attribute, the provisioning still updates the AD user.

    To further troubleshoot this issue, please kindly try below steps:

    1.Check user connection and ensure that user in SuccessFactors is properly connected to an existing entry in Active Directory.

    2.Re-sync users from SuccessFactors to Active Directory and see if the issue still persists.

    3.Review the attribute mappings and make sure that the attributes are correctly mapped and consistent between SuccessFactors and Active Directory.

    Kindly refer the document for more information: https://learn.microsoft.com/en-us/entra/identity/saas-apps/sap-successfactors-inbound-provisioning-tutorial#next-steps

    Please reach out to us if you have any questions further.

    Best Regards,

    Janaki Kota

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.