I ran into an annoying bug with Entra ID's SCIM provisioning — Integer-type values don't work for custom attributes when creating new users.
For context, I set up a custom attribute called LinuxUID to store POSIX user IDs as part of our OCI Identity Domains integration. These UIDs get used by the Linux PAM module for authentication. The SCIM attribute mapping looks like this:
urn:ietf:params:scim:schemas:oracle:idcs:extension:posix:User:uidNumber
Updating existing users? Worked fine. But provisioning new users kept failing with this error:
Mapping Integer value to remote attribute is expecting Integer, but is being passed as
'[ string, dateTime, binary, reference ]'
See the problem? Integer is missing from that type array entirely. The attribute expects an Integer, but the provisioning engine only knows how to pass string, dateTime, binary, and reference.
Turns out this only affects new object creation. Updates work fine because the patch request factory handles Integer types correctly — the creation factory just... doesn't.
I opened a support case with Microsoft and got this RCA back:
Solution is to update EntryCore2GroupFactory to handle Integer type custom attributes similar to how it's handled in EntryResourcePatchRequestFactory. The deployment will start within 2 weeks.
So if you're hitting the same thing, the fix should already be deployed on Microsoft's side by now.