Page created: 24 Jul 2019 |
Page updated: 8 Feb 2022
The following are known issues or limitations for the Office 365 Provisioner.
- User attributes cannot be cleared once set, they can only be updated.
- Due to a limitation with PingFederate 8.1 and earlier versions, when configuring two SP connections with the same provisioner, the second connection built may be pre-populated with the channel from the first connection. To avoid conflicts, delete this pre-populated channel and create a unique channel for each connection.
- Cookies must be enabled in the selected browser for SLO to work
- Updating the mobile attribute requires that the service principal representing the provisioner (the place the user gets the client key and secret) be assigned a role with Company Administrator privileges (using Powershell). See O365 Connector: Mobile attribute updates for more information
- Updating the Password attribute is not supported
- User updates containing a manager that has not yet been provisioned / updated by the new version will fail, as the manager will not have the new extended attribute holding their distinguished name from AD
- If the DoBase64Conversion field is switched to “false”, expect conflicts / failures on federated domains containing pre-existing users provisioned by dirsync / V1.0
- Only outbound provisioning is supported
- Syncing with existing groups is not supported
- SAML SLO is not supported. (WS-Fed SLO is supported and set as default)
- After deleting a user, Azure AD prevents the same user from
being created again due to a conflicting
immutableIdvalue. This issue only occurs when Remove Action is set to Delete.