Overview
This article addresses a 400 error that occurs during a System for Cross-domain Identity Management (SCIM) deprovisioning attempt. This failure is observed when using a Security Assertion Markup Language (SAML) Single Sign-On (SSO) connection.
Applies To
- SCIM Deprovisioning
- Security Assertion Markup Language (SAML)
- Single Sign-On (SSO)
Cause
The error occurs because the payload sent during the deprovisioning attempt contains incorrectly formatted address attributes. Attributes such as streetAddress, city, state, postalCode, and country are sent as arrays. The SCIM user schema expects these attributes to be formatted as simple strings, and this mismatch causes the payload to be rejected.
Solution
To resolve the deprovisioning failure, remove all profile mappings for address-related attributes in the SCIM application configuration. This action ensures the incorrectly formatted address payload is no longer sent.