Jul 03 2023 02:16 AM
Hi, we have setup on Knowbe4 SCIM user provisioning from Azure AD.
It works, but now we would like to excluded the manager field from syncing with Azure AD.
We edited the SAML SSO configuration on Azure, deleting the manager field from the 'Attribute Mapping' (I put a screenshot below just to give an idea of where we removed the manager's field. NB: this is not a screenshot from our system) list under User Provisioning.
We even stopped for a few minutes User Provisioning on Azure and then restarted it, but it still keep syncing and overriding the 'manager's field' and the related manager's email field on Knowbe4 platform.
Any idea on how can I stop the manager's field from syncing between Azure AD and Knowbe4 platform?
Jul 03 2023 04:42 AM
Hi @8932LDG,
To exclude the manager field from syncing between Azure AD and KnowBe4 platform using SCIM user provisioning, you need to make the configuration changes in Enterprise Apps in Azure AD:
1. Sign in to the Azure portal (https://portal.azure.com) using your administrator account.
2. Navigate to the Azure Active Directory.
3. Select the Enterprise applications tab.
4. Search for and select the KnowBe4 application in the list.
5. In the left-hand menu, select Provisioning.
6. Under the Provisioning Mode section, click on the Edit provisioning button.
7. In the Mappings section, locate the attribute mapping for the manager field (Azure AD Directory Users).
8. Remove the mapping for the manager field by clicking on the Delete (trash bin) icon next to it.
9. Click Save to save the changes.
By removing the mapping for the manager field, Azure AD will no longer sync the manager field with the KnowBe4 platform during the SCIM user provisioning process. It could take some time for the changes to be applied.
If my answer helped you, you can click on Mark as best response.
Kindest regards
Leon Pavesic