Aquera Provisioner

Known issues and limitations

The following are known issues or limitations with the Aquera Provisioner.

Known issues

There are no known issues.

Known limitations

SP connections

  • The Unique User Identifier cannot be changed in an SP connection configuration. To change to a different Unique User Identifier, delete the existing connection, restart PingFederate, and then create a connection with the new Unique User Identitier.

  • All SP connections with the same target must use the same Unique User Identifier. If multiple SP connections are created for the same target, every subsequent connection will use the Unique User Identifier configured in the first connection that was created.

Attributes

  • When mapping attributes, Aquera can return invalid schemas for some services. This can cause unexpected behavior. If you experience issues, confirm the correct schema in the documentation for the target service.

  • If the target service does not specify type or primary information on multi-value attributes (email, phone, address), unexpected behavior can occur. During an update, existing attributes on the SaaS may not be removed, and the desired value may not be correctly set as primary.

  • The connector cannot clear a user attribute once it has been set.

Other

  • This connector does not support PATCH user updates.

  • When an LDAP user is deleted in a targeted group distinguished name (DN), the provisioning connector does not propagate the deletion until a new user is added to the group. This limitation is compounded when the User Create provisioning option is disabled. For solutions, see SaaS provisioner does not remove the user in the Knowledge Base.

  • If the target service interprets or implements the SCIM standards differently, it can result in unexpected behavior.