Recent searches
No recent searches
Azure AD Autoprovisioning stopped working
Posted Apr 26, 2022
I have a group in Azure AD called ZenDesk from which agents are set to be auto-provisioned. Yesterday, I made a change in the ZenDesk application scoping filters in Azure AD to set it to provision only assigned users and groups. For some reason, when I did that, things stopped working. Multiple agents were deleted from ZenDesk and their tickets were unassigned. I tried switching it back to "Sync all users and groups", but when I try to re-provision those users who were deleted, I get an error in Azure:
Error code
MappingEvaluationFailed
Error message
An error occurred while evaluating this function: 'custom_roles = AppRoleAssignmentsComplex(source: appRoleAssignments).'
0
8
8 comments
Ian McDougal
Update: I also hade one user who was assigned to the ZenDesk app directly (i.e. not through the ZenDesk group) who has now suddenly been deleted. He is assigned the "admin" role, which is why he's not provisioned through the group.
0
Barkha Bhatia
Ian McDougal
Did you create a customer support ticket with Zendesk for this?
0
Lotfi Chehaidia
Hello,
I have the same problem. The support told me that they can't help as Microsoft developped the app.
Is there any fix ? It worked in June when I ran some tests
0
Ian McDougal
I did open a customer support ticket, yes, but my results were much the same as Lotfi's.
This happens every once in a while still, and is very annoying. All ZenDesk agents and admins except the billing admin are removed, and I have to go in and run provisioning for each ZenDesk agent individually in Azure AD to get them back. Then I have to go in and reassign all tickets manually. It's a mess.
It seems to happen specifically when update job title/manager for users in Active Directory. I have a PowerShell script I use to update managers/job titles based on a CSV HR sends us, and I have to make sure none of the ZenDesk agents is on the CSV file that the script runs through, or that agent will be deleted from ZenDesk. It also happened when I added the "Job Title" attribute to user provisioning in the Azure AD enterprise app.
0
Joshua Lobeck
I seem to have a simpler problem with Light Agents not getting pushed into Zendesk from Azure with the Light Agent account. However, when I provision in Azure I have 3 groups - All Staff / Admins / Light Agents - 2 of the 3 work just fine getting into Zendesk (All Staff and Admins) However even though on the Azure side it shows an end user lets call him Tim - Tim is apart of the "End User group and the Light Agent group" as you can see below both groups (These are azure security groups) were pushed. On the Zendesk site, it still shows Tim as an end user and not a light agent. When I remove the Light Agent group from Azure and just place Tim in as a user assigned to the Light Agent role it works Tim is a light agent. Does anyone know how to get this working correctly?
0
Mike DR
I see that you have opened a ticket for that, will assist you there!
0
Noor Alhemyari
Joshua Lobeck
Joshua I'm having the same issue, its driving us crazy, we have 30+ agents who lost their access everytime their AzureAD/EntraID user is updated, i'll appreciate sharing any findings?
0
Noor Alhemyari
Mike DR any chance I can get your support, i have a ticket logged 12896174
0