
AzureAD SCIM integration not sending DELETE requests

I implemented a SCIM API and integrated it with Azure.

When I delete a user in AzureAD it does not send DELETE requests. I tried deleting from the application as well as from the directory.

GET Users/[userID], GET query, and POST /Users are working fine. I am also getting PATCH requests, but since I have not implemented PATCH, it returns 404.

  1. Why is it not sending DELETE requests? As per the Azure AD SCIM documentation, it should send DELETE requests.

  2. How does AzureAD track the "Id" attribute of the user sent by the SCIM service: is it from the "Id" attribute of the SCIM response or from the URI in the Meta/Location attribute? The reason for this question is that when I delete a user in AzureAD, how is it going to know the Id of the user?

Dhanuka777 asked Mar 15 '17 02:03


1 Answer

To answer the first question, the Azure AD provisioning service sends the DELETE request only after a user has been hard-deleted from Azure AD.

Here’s more information on how deletion works in Azure AD:

https://david-obrien.net/2014/12/recover-deleted-users-azure-active-directory/

http://www.exchangeitpro.com/2016/10/20/permanently-delete-user-from-office-365-all-you-need-to-know/

If a user is deleted from the portal, they go into a soft-deleted state. They stay in that state for 30 days, after which they are hard-deleted.

The Azure AD provisioning service will send a request to the app to disable the account when a user is soft-deleted in Azure AD.

Upon final hard-deletion, Azure AD sends the request to the app to DELETE the user.

Aaron S answered Nov 06 '22 16:11
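An added example, not part of the answer above and not Azure AD or project code: a minimal Python sketch of the two SCIM handlers this lifecycle needs, assuming the disable request arrives as an RFC 7644 PatchOp that replaces `active` with false. If that request is answered with 404, the account stays enabled in the app until the DELETE arrives. The in-memory `USERS` store, the function names and the sample user are hypothetical.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed in-memory store standing in for the application's user table.
USERS = {"u1": {"id": "u1", "userName": "alice@example.com", "active": True}}


def _to_bool(value):
    """Accept JSON booleans and the strings "true"/"false" in any case."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError("active must be a boolean")


def patch_user(user_id, body):
    """Handle PATCH /Users/{id}; returns (http_status, resource_or_None)."""
    user = USERS.get(user_id)
    if user is None:
        return 404, None
    if PATCH_SCHEMA not in body.get("schemas", []):
        return 400, None
    changes = {}
    try:
        for op in body.get("Operations", []):
            # This example implements only "replace", compared case-insensitively.
            if str(op.get("op", "")).lower() != "replace":
                return 400, None
            path, value = op.get("path"), op.get("value")
            if path == "active":
                changes["active"] = _to_bool(value)
            elif path is None and isinstance(value, dict) and "active" in value:
                changes["active"] = _to_bool(value["active"])
    except ValueError:
        return 400, None
    user.update(changes)  # applied only after every operation validated
    return 200, user


def delete_user(user_id):
    """Handle DELETE /Users/{id}, sent on hard deletion; 204 on success."""
    if USERS.pop(user_id, None) is None:
        return 404, None
    return 204, None


def can_sign_in(user_id):
    """Authentication gate: disabled or deleted accounts are refused."""
    return bool(USERS.get(user_id, {}).get("active"))
```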