Azure AD Autoprovisioning stopped working | Community
Skip to main content

Azure AD Autoprovisioning stopped working

  • April 26, 2022
  • 8 replies
  • 0 views
I

I have a group in Azure AD called ZenDesk from which agents are set to be auto-provisioned.  Yesterday, I made a change in the ZenDesk application scoping filters in Azure AD to set it to provision only assigned users and groups.  For some reason, when I did that, things stopped working.  Multiple agents were deleted from ZenDesk and their tickets were unassigned.  I tried switching it back to "Sync all users and groups", but when I try to re-provision those users who were deleted, I get an error in Azure:

Error code

MappingEvaluationFailed

Error message

An error occurred while evaluating this function: 'custom_roles = AppRoleAssignmentsComplex(source: appRoleAssignments).'

    8 replies

    I
    • Ian15
    • Author
    • April 26, 2022

    Update:  I also hade one user who was assigned to the ZenDesk app directly (i.e. not through the ZenDesk group) who has now suddenly been deleted.  He is assigned the "admin" role, which is why he's not provisioned through the group.

    Barkha
    • Barkha
    • June 23, 2022

    @ian15

     

    Did you create a customer support ticket with Zendesk for this?

    L
    • Lotfi11
    • August 22, 2022

    Hello,

    I have the same problem. The support told me that they can't help as Microsoft developped the app.

    Is there any fix ? It worked in June when I ran some tests

    I
    • Ian15
    • Author
    • July 11, 2023

    I did open a customer support ticket, yes, but my results were much the same as Lotfi's.

    This happens every once in a while still, and is very annoying.  All ZenDesk agents and admins except the billing admin are removed, and I have to go in and run provisioning for each ZenDesk agent individually in Azure AD to get them back.  Then I have to go in and reassign all tickets manually.  It's a mess.

    It seems to happen specifically when update job title/manager for users in Active Directory.  I have a PowerShell script I use to update managers/job titles based on a CSV HR sends us, and I have to make sure none of the ZenDesk agents is on the CSV file that the script runs through, or that agent will be deleted from ZenDesk.  It also happened when I added the "Job Title" attribute to user provisioning in the Azure AD enterprise app.

    J
    • Joshua52
    • February 25, 2024

    I seem to have a simpler problem with Light Agents not getting pushed into Zendesk from Azure with the Light Agent account. However, when I provision in Azure I have 3 groups - All Staff / Admins / Light Agents - 2 of the 3 work just fine getting into Zendesk (All Staff and Admins) However even though on the Azure side it shows an end user lets call him Tim - Tim is apart of the "End User group and the Light Agent group" as you can see below both groups (These are azure security groups) were pushed. On the Zendesk site, it still shows Tim as an end user and not a light agent. When I remove the Light Agent group from Azure and just place Tim in as a user assigned to the Light Agent role it works Tim is a light agent. Does anyone know how to get this working correctly?   

    Mike53
    • Mike53
    • February 26, 2024
    Hi Joshua!
     
    I see that you have opened a ticket for that, will assist you there!
    N
    • Noor11
    • August 30, 2024

    @joshua52 

    Joshua I'm having the same issue, its driving us crazy, we have 30+ agents who lost their access everytime  their AzureAD/EntraID user is updated, i'll appreciate sharing any findings?

    N
    • Noor11
    • August 30, 2024

    @mike53 any chance I can get your support, i have a ticket logged 12896174

    Terms & ConditionsCookie settingsAccessibility statement