Troubleshooting the SCIM connection in Apple Business Manager
Below are some tips to help you troubleshoot your SCIM connection to Apple Business Manager.
The SCIM connection is failing
Check whether the Apple Business Manager Azure AD app is quarantined. See the Microsoft Support article Application provisioning in quarantine status.
Check the attribute mapping for the Apple Business Manager Azure AD app to make sure there are no additional attributes mapped. See the Microsoft Support article Problem configuring user provisioning to an Azure AD Gallery application.
Review the provisioning logs. See the Microsoft Support article Provisioning reports in the Azure Active Directory portal.
I don’t see the correct Azure AD users in Apple Business Manager
Make sure federated authentication is turned on.
Check the provisioning scope, and make sure it’s set to sync users from the appropriate domain.
There are two ways you can sync accounts from Azure AD to Apple Business Manager. Keep in mind that although each option shows the word Groups in Azure AD, Apple Business Manager has no concept of groups; only user accounts are synced. Azure AD accounts must also have the role of User to sync to Apple Business Manager.
Sync only assigned users and groups: This option syncs only the accounts that appear in the Apple Business Manager Azure AD app to Apple Business Manager. You can add Azure AD groups to the Apple Business Manager Azure AD app. For example, if you have groups in Azure AD named Engineering, Marketing, and Sales, you can add those three groups to the Apple Business Manager Azure AD app. When you connect using SCIM, only accounts in those groups are synced to Apple Business Manager. When using this method to sync, Azure AD accounts must have the role of User to sync to Apple Business Manager.
Note: Subgroups aren’t supported in the Apple Business Manager Azure AD app.
Sync all users and groups: This option syncs all accounts (syncing groups isn’t supported) that appear in the Azure AD User tab to Apple Business Manager and creates Managed Apple IDs for all Azure AD accounts, even if you intend to use only a specific number of accounts.
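The following is an added example, not part of the original article or of Apple's or Microsoft's tooling: a small model of the Sync only assigned users and groups rules described above that reports, for each account, whether it is expected to sync and why not. The data layout, the names, and the "Default Access" sample role are assumptions, and it reads "subgroups aren't supported" as meaning that accounts reachable only through a subgroup aren't synced.

```python
# Constructed sample data: names, domain and data layout are hypothetical.
ALL_USERS = ["ana@example.com", "raj@example.com", "li@example.com",
             "sam@example.com", "kim@example.com"]
GROUPS = {
    "Engineering": {"members": ["ana@example.com"], "subgroups": ["Contractors"]},
    "Contractors": {"members": ["raj@example.com"], "subgroups": []},
    "Sales": {"members": ["li@example.com"], "subgroups": []},
}
# (principal, role) pairs assigned to the Apple Business Manager Azure AD app.
ASSIGNMENTS = [("Engineering", "User"), ("Sales", "Default Access"),
               ("sam@example.com", "User")]


def explain_assigned_scope(all_users, groups, assignments):
    """Map each user to (in_scope, reason) for 'Sync only assigned users and groups'."""
    result = {u: (False, "not assigned to the app") for u in all_users}
    for principal, role in assignments:
        if principal in groups:
            direct, via = groups[principal]["members"], f"group {principal}"
            # Subgroups aren't supported: walk them only to explain the gap.
            stack, seen = list(groups[principal]["subgroups"]), set()
            while stack:
                sub = stack.pop()
                if sub in seen or sub not in groups:
                    continue
                seen.add(sub)
                stack.extend(groups[sub]["subgroups"])
                for u in groups[sub]["members"]:
                    if u in result and not result[u][0]:
                        result[u] = (False, f"only in subgroup {sub} of {principal}")
        else:
            direct, via = [principal], "direct assignment"
        for u in direct:
            if u not in result:
                continue
            if role == "User":
                result[u] = (True, f"assigned via {via} with role User")
            elif not result[u][0]:
                result[u] = (False, f"assigned via {via}, role {role!r} is not 'User'")
    return result


def synced(result):
    """Accounts expected to appear in Apple Business Manager."""
    return sorted(u for u, (ok, _) in result.items() if ok)


if __name__ == "__main__":
    for user, (ok, reason) in explain_assigned_scope(ALL_USERS, GROUPS, ASSIGNMENTS).items():
        print(f"{'SYNC' if ok else 'SKIP'}  {user}: {reason}")
```

Comparing this expected list with the accounts that actually appear in Apple Business Manager narrows a mismatch to assignment, group nesting, or role before turning to the provisioning logs.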