FAQ for Microsoft Entra ID

Frequently Asked Questions (FAQs)

1. Do we support inbound provisioning?
No, we only support outbound provisioning.

2. How frequently does Microsoft Entra ID perform user provisioning?
User provisioning is automatically triggered at a default interval of 40 minutes.

3. Can the provisioning be stopped?
You can start, restart, and stop provisioning at any time. Users who already exist in the target application with the same username/ID will be updated.

4. Do we have to restart the provisioning when there is a change in the provisioning scope settings?
Yes, we must restart the provisioning when there is a change in the scope settings.

5. Provisioning logs
Provisioning logs offer valuable insights into the provisioning process, indicating its success, identifying modified properties, and highlighting any failures. To access provisioning logs:

1. Navigate to your application.
2. Go to Manage > Provisioning > View provisioning logs.

For more information, please refer to these links:

• https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-provisioning-logs?context=azure%2Factive-directory%2Fmanage-apps%2Fcontext%2Fmanage-apps-context
• https://learn.microsoft.com/en-us/entra/identity/app-provisioning/how-provisioning-works#errors-and-retries

6. What happens if a user is deleted in Azure?
Contact: When a contact is deleted from Microsoft Entra ID, the corresponding contacts will be soft-deleted and moved to the deleted contacts. All the current tickets requested by this contact will be marked as spam.

Agent: When an agent is deleted from Microsoft Entra ID, that specific agent account is deactivated, and all the unresolved tickets are transferred to unassigned.

7. What happens if a user is unassigned from the app in Azure?
Contact: When a contact is unassigned from Microsoft Entra ID, the corresponding contacts will be soft-deleted and moved to the deleted contacts. All the current tickets requested by this contact will be marked as spam.

Agent: When an agent is unassigned from Microsoft Entra ID, that specific agent account is deactivated, and all the unresolved tickets are transferred to unassigned.

8. What happens if a user is deleted in BoldDesk after initial syncing?
The user will be reactivated if there are any changes in Microsoft Entra ID.

9. What are the potential causes for the Azure AD User Provisioning Application entering quarantine mode?
• The secret token generated for the Azure AD User Provisioning Application is invalid or expired or doesn’t have the right permission.
• A considerable number of failures occurred while creating, updating, or deleting users.
• When the Microsoft Entra ID app is not installed in BoldDesk.

For further information on why the application enters quarantine mode and the necessary steps to resolve it, please refer to Azure Active Directory documentation.

10. What happens if custom app roles are changed?
User provisioning will not work if custom app roles are changed.

11. How to sync the users in groups?
To sync users in groups, follow these steps:

12. Which permission is required to authenticate an app in the azure portal?
To authenticate the SCIM API in the Azure portal, users must have the Manage App permission within the Admin module on the BoldDesk site.