Known issues and limitations

User attributes cannot be cleared once set, they can only be updated.

Due to a limitation with PingFederate 8.1 and earlier versions, when configuring two SP connections with the same provisioner, the second connection built may be pre-populated with the channel from the first connection. To avoid conflicts, delete this pre-populated channel and create a unique channel for each connection.

Cookies must be enabled in the selected browser for SLO to work.

Updating the mobile attribute requires that the service principal representing the provisioner (the place the user gets the client key and secret) be assigned a role with Company Administrator privileges (using Powershell). See O365 Connector: Mobile attribute updates for more information.

Updating the Password attribute is not supported.

User updates containing a manager that has not yet been provisioned / updated by the new version will fail, as the manager will not have the new extended attribute holding their distinguished name from AD

If the DoBase64Conversion field is switched to “false”, expect conflicts / failures on federated domains containing pre-existing users provisioned by dirsync / V1.0

Only outbound provisioning is supported.

Syncing with existing groups is not supported.

SAML SLO is not supported. (WS-Fed SLO is supported and set as default).

After deleting a user, Azure AD prevents the same user from being created again due to a conflicting immutableId value. This issue only occurs when Remove Action is set to Delete.