SCIM User Provisioning

You are likely to get this error when you try to import Groups along with users from Azure AD into AssetSonar using the SCIM protocol. Please note that AssetSonar does not import Groups via SCIM protocol, but only the users. Since this error applies to Groups only, users from your Azure AD are provisioned into the AssetSonar account regardless. 

You can avoid this error by disabling the provisioning of Groups within your Azure portal. To do so, select ‘No’ next to Provision Azure Active Directory Groups in the Mappings section when you’re provisioning users.  

Learn more about provisioning users in Azure AD here.

If a custom role imported via SCIM from your Active Directory — Okta, Azure AD, or OneLogin  does not exist in AssetSonar, users belonging to that custom role can be provisioned to a default role in AssetSonar.

You can set the Default Role using the option highlighted below:

Default role user provisioning

Let’s say, you imported users belonging to the custom role Customer Success team from your Active Directory via SCIM and this custom role is not present in AssetSonar, users belonging to this role will be provisioned as Administrators if you select the option ‘Provision to Administrators’.

If you do not wish to provision these users as Administrators, you can also select the option ‘Provision to some role’ and provision these users to a custom role that already exists in AssetSonar.

Note: You can carry out the same action while importing custom roles from LDAP or Google Workspace directory into AssetSonar.

Related articles
[How-to] Implement User Provisioning via SCIM with Azure AD in AssetSonar
[How-to] Implement User Provisioning via SCIM with AssetSonar and Okta
[How-to] Implement User Provisioning via SCIM with OneLogin in AssetSonar


Your Active Directory (AD) may fail to create members in AssetSonar if the custom field(s) associated with members are mandatory but not specified in the AD platform. Hence, leading to the error “Failed to create user in {Application Name}”.

There are two ways you can bypass this error and successfully import your members from your AD into AssetSonar:

  1. If the mandatory custom fields in your AD have unspecified values, make such fields non-mandatory.
  2. Alternatively, if you want to keep your custom fields as mandatory, follow these steps:
    – Provide a default value for the said custom fields e.g. the boolean custom field Insurance Covered (Yes/No) can have the default value “No” or the dropdown custom field Team can have the default value “Unspecified”.
    – Accurately map the mandatory custom fields in AssetSonar settings (Settings → Add Ons → User Provisioning via SCIM → SCIM Attributes).
    – Ensure that mapped custom fields have all their values specified in Azure AD for a successful sync.

If the error persists, contact our Support team at support@assetsonar.com.

Applies To

  • Custom applications
  • SCIM Provisioning


  1. Log in to your Okta Org account as the Super Admin.
  2. Click the ‘Admin’ button.
  3. Go to Applications → Add Application.
  4. Select the ‘Create New App’ button. Specify the Platform as Web, choose Secure Web Authentication (SWA) as the Sign-on method, and click ‘Create’.
    SWA -> Create – 1″ width=”783″ height=”447″ /><br />
<li style=Input the values to complete the application setup.
  5. Under the General tab, you will see the new Provisioning options. Note: Contact Okta Support if this option does not appear.
  6. Select ‘SCIM’ as the Provisioning method and hit ‘Save’ once done.
    Scim for provisioning

Note: If the above options do not appear, contact Okta Support and request to have SCIM Provisioning enabled.

Yes, AssetSonar gives you the ability to map contact and address attributes from your Identity Provider (IdP). 

The process for Okta is explained below. You can follow similar steps for other IdPs.

Open your identity provider to navigate to the attributes section.

After logging in to your Okta account, open the Directory menu and select ‘People’.

When you open a user’s profile, you can scroll down to their attributes. The attribute used for Street Address is highlighted in the screenshot below. To map this attribute, simply copy the text indicating the attribute (highlighted) from your IdP.

Now, log back into your AssetSonar account and go to  Add Ons. In the ‘User Provisioning via SCIM’ section, you’ll find similar address attributes. Paste the copied text into the relevant field i.e. Address Line 1 in this case, and sync.

Once you update the settings, sync your members by going to the members tab. 

When you press the sync button, the attributes will be successfully mapped.

In a similar manner, all the other values of the address attributes can be mapped from your IdP into AssetSonar.

Load More