This is the best video on the platform so far, thank you . Now I'm wondering if it is possible to send user data to an API endpoint in our web application after creating, deleting or updating a user in Entra ID/Azure AD. So both parties remain in sync.

Awesome overview, thanks Nick.

Hey. Awesome work by the way! Just a quick question here: Is there a way to send the users via API to be a part of certain AD Groups if I am using API Driven Inbound provisioning for on-premises AD while provisioning. We can do for Entra Only Groups via Workflows but what if there is a requirement for adding the users on-premises AD Groups. Thanks

Legendary turotial. Thanks mate!

Great stuff. Much appreciated. But will it be feasible to run in a trustless, disconnected multi-forest setup? So we would somehow have to distinguish if a user should go to AD1, AD2 or even AAD only... 🤔

Great Work Nick

How do you deconflict UPNs - for example, John Doe is already an employee, and you hire another employee with the same name...

One question, how to handle passwords with user provisioning? This would create accounts without password? Not looking for identity workflow related licenses

For anyone using Power Automate, one big thing not mentioned is that by default, Power Automate a HTTP request will not return a 202, only 200. This will not give you a location to query the log, so you can programmatically adjust for errors. The solution is to go into the settings of the HTTP node, and uncheck "Asynchronous pattern". This will give you the 202, with the location in the header. From there you can loop-wait a GET request until the value populates to let you know if it was successful or not.

What’s the best method to send data from BambooHR to the provisioning app?

Nick, you say it’s free for MSPs but you’re using a premium action. Also why create service account as a registered app when you can simply use the Azure AD action to create a new user? I don’t understand why you chose to do it this way.

Hey Nick, I did the test and I got error format, to fix this: For the graph-explorer, It miss in the video the portion: Request headers "Key": Content-type "Value": Application/scim+json excellent video, very helpful for all of us, thank you very much.. I waiting the portion of OAUTH that you told is sound scary

nice, this would have been much more easier if would have not talked about employeeid.. so starting anything with basic works fine and then keep adding layers and complexity. it is completely new concept but at least i got how this provisioning work....

constantly getting error 400 :( { "error": { "code": "UnknownError", "message": "Invalid Data Format", "innerError": { "date": "2024-02-25T10:17:05", "request-id": "###", "client-request-id": "###" } } }