-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- SAP Business Suite
- Artificial Intelligence
- Business applications
- Data and analytics
- Technology Platform
- Financial Management
- Spend Management
- Supply Chain Management
- Human Capital Management
- Customer Experience
- SAP Business Network
- View products A-Z
- View industries
- Try SAP
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Products and Technology
- Technology
- Technology Q&A
- IPS Error when provisioning useHs from IAS to SAC
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forÂ
Options
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Read only
IPS Error when provisioning useHs from IAS to SAC
tskwin
Participant
Options
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
‎2025 Mar 05 7:09 PM - edited ‎2025 Mar 05 7:12 PM
322
Hello Experts,
I get an IPS error when provisioning users from IAS to SAC.
The first provisioning works fine with no errors, and users are created in SAC.
However, when I provision users to SAC again ( when provisioning user changes) using a READ or RESYNC job, I get the following error:
error=HTTP operation failed invoking https://sactenant/api/v1/scim2/Users/667w-wee3-32ds-23d-23wdad with statusCode: 400, Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"400","scimType":"invalidValue","detail":"Request is unparsable, syntactically incorrect, or violates schema."},
The Target SAC Transformation Code is:
{
"user": {
"condition": "isValidEmail($.emails[0].value) && (('%sac.group.prefix%' === 'null') || ($.groups[?(@.display =~ /%sac.group.prefix%.*/)] empty false))",
"mappings": [
{
"constant": [
"urn:sap:params:scim:schemas:extension:sac:2.0:user-custom-parameters",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"targetPath": "$.schemas"
},
{
"sourceVariable": "entityIdTargetSystem",
"targetPath": "$.id"
},
{
"sourcePath": "$.emails[0].value",
"targetPath": "$.userName"
},
{
"condition": "$.emails[?(@.primary == true)].value != []",
"sourcePath": "$.emails[?(@.primary == true)].value",
"preserveArrayWithSingleElement": false,
"optional": true,
"targetPath": "$.userName"
},
{
"sourcePath": "$.userName",
"optional": true,
"targetPath": "$.userName"
},
{
"sourcePath": "$.name.givenName",
"optional": true,
"targetPath": "$.name.givenName"
},
{
"sourcePath": "$.name.middleName",
"optional": true,
"targetPath": "$.name.middleName"
},
{
"sourcePath": "$.name.familyName",
"optional": true,
"targetPath": "$.name.familyName"
},
{
"sourcePath": "$.displayName",
"optional": true,
"targetPath": "$.displayName"
},
{
"sourcePath": "$.externalId",
"optional": true,
"targetPath": "$.externalId"
},
{
"sourcePath": "$.active",
"optional": true,
"targetPath": "$.active"
},
{
"sourcePath": "$.emails",
"preserveArrayWithSingleElement": true,
"targetPath": "$.emails"
},
{
"condition": "$.emails[0].length() > 0",
"constant": true,
"targetPath": "$.emails[0].primary"
},
{
"sourcePath": "$.groups[*].value",
"preserveArrayWithSingleElement": true,
"optional": true,
"targetPath": "$.groups[?(@.value)]",
"functions": [
{
"entityType": "group",
"type": "resolveEntityIds"
}
]
},
{
"sourcePath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:user-custom-parameters']",
"optional": true,
"targetPath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:user-custom-parameters']"
},
{
"sourcePath": "$.emails[0].value",
"optional": true,
"targetPath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:user-custom-parameters']['idpUserId']"
},
{
"condition": "$.emails[?(@.primary == true)].value != []",
"sourcePath": "$.emails[?(@.primary == true)].value",
"preserveArrayWithSingleElement": false,
"optional": true,
"targetPath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:user-custom-parameters']['idpUserId']"
},
{
"sourcePath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:user-custom-parameters']['idpUserId']",
"optional": true,
"targetPath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:user-custom-parameters']['idpUserId']"
},
{
"sourcePath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['manager']['value']",
"optional": true,
"targetPath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['manager']['value']",
"functions": [
{
"type": "resolveEntityIds"
}
]
}
]
},
"group": {
"condition": "isAttributeWithOptionalPrefix($.displayName, sac.group.prefix) && isAttributeWithOptionalPrefix($['urn:sap:cloud:scim:schemas:extension:custom:2.0:Group']['name'], sac.group.prefix) && (isRegularGroup() || isApplicationSpecificGroup())",
"mappings": [
{
"constant": [
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:sap:params:scim:schemas:extension:sac:2.0:group-roles",
"urn:sap:params:scim:schemas:extension:sac:2.0:group-custom-parameters"
],
"targetPath": "$.schemas"
},
{
"sourceVariable": "entityIdTargetSystem",
"targetPath": "$.id"
},
{
"sourcePath": "$.displayName",
"targetPath": "$.displayName",
"functions": [
{
"condition": "isAttributeWithMandatoryPrefix(@, sac.group.prefix)",
"function": "replaceFirstString",
"regex": "%sac.group.prefix%",
"replacement": ""
}
]
},
{
"sourcePath": "$.externalId",
"optional": true,
"targetPath": "$.externalId"
},
{
"sourcePath": "$.roles",
"preserveArrayWithSingleElement": true,
"optional": true,
"targetPath": "$.roles"
},
{
"sourcePath": "$.members[*].value",
"preserveArrayWithSingleElement": true,
"optional": true,
"targetPath": "$.members[?(@.value)]",
"functions": [
{
"entityType": "user",
"type": "resolveEntityIds"
}
]
},
{
"sourcePath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:group-roles']",
"optional": true,
"targetPath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:group-roles']"
},
{
"sourcePath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:group-custom-parameters']",
"optional": true,
"targetPath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:group-custom-parameters']"
},
{
"sourcePath": "$['urn:sap:cloud:scim:schemas:extension:custom:2.0:Group']['description']",
"optional": true,
"targetPath": "$['urn:sap:params:scim:schemas:extension:sac:2.0:group-custom-parameters']['description']"
}
]
}
}
In SAC, under "Choose a user attribute to map to your provider", "USER ID" is selected.
Dynamic User Creation is disabled.
The USER ID is provisioned from Azure as employeeId.
Any ideas on how to fix this?
Thank you very much.
Best Regards
Need more details?
Request clarification before answering.
Accepted Solutions (0)
Answers (0)
BlueskyAsk a Question
Related Content
- CAP Multitenancy: Connectivity Service returns 401 invalid_client despite correct provisioning setup in Technology Q&A
- Setting Up Joule Studio for All Partner Flows and Entitlement Levels in Technology Blog Posts by SAP
- Securing CAP Applications with SAP Cloud Identity Services and AMS in Technology Blog Posts by SAP
- SAP SDI - CamelJdbcAdapter - Cannot load JDBC driver class 'com.databricks.client.jdbc.Driver' in Technology Q&A
- Building Power BI Analytical Reports using SAP Datasphere in Technology Blog Posts by Members
Top Q&A Solution Author
| User | Count |
|---|---|
| 6 | |
| 6 | |
| 6 | |
| 5 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.