Hi, I have a question regarding SCIM integration. We already have users that were manually created in Bitwarden with their email address, but now we want to provision users with SCIM, and this will be linked with their account in Azure AD. What will happen if a user already has an account in Bitwarden in this case?
Hey, I see this hasn’t been answered - in our experience, users that already exist will cause SCIM provisioning to fail for the affected accounts, but they should still work (they won’t be deprovisioned or disabled or anything). It would certainly be better if the process was able to detect that the user was created outside of the SCIM process and gracefully skip them, but unfortunately that doesn’t seem to be the case.
Other users will provision fine though, so it’s mostly an annoyance to see the provisioning errors in the logs - no real harm done AFAIK.
Bitwarden member accounts have an externalid field. In the case of Azure AD, we’ve rolled out SCIM with a wrong mapping.
First we changed the SCIM mapping field externalid to the Azure object ID. This is the unique identifier within Azure which never changes.
Via Bitwarden support we’ve got a PowerShell script to update the field. This PowerShell script is based on the API tools from Bitwarden.
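
The externalid realignment described in the post above can be planned as a dry run before anything is written. This is an added example, not part of the thread and not the script from Bitwarden support: it makes no API calls, and the record shapes (`id`/`email`/`externalId` for Bitwarden members, `id`/`mail`/`userPrincipalName` for Azure AD users) and all sample values are assumptions constructed for illustration.

```python
# Added example: dry-run planner only, no API calls are made.
# Record shapes (id/email/externalId, id/mail/userPrincipalName) are assumptions.

def plan_external_id_updates(bw_members, aad_users):
    """Return (updates, unmatched, ambiguous) for setting externalId to the object ID."""
    # Index directory users by every lower-cased address they are known under.
    by_email = {}
    for user in aad_users:
        for addr in {user.get("mail"), user.get("userPrincipalName")}:
            if addr:
                by_email.setdefault(addr.strip().lower(), set()).add(user["id"])

    updates, unmatched, ambiguous = [], [], []
    for member in bw_members:
        object_ids = by_email.get(member["email"].strip().lower(), set())
        if not object_ids:
            unmatched.append(member["email"])   # no directory account: leave untouched
        elif len(object_ids) > 1:
            ambiguous.append(member["email"])   # never auto-link: needs manual review
        else:
            (object_id,) = object_ids
            if member.get("externalId") != object_id:
                updates.append({"memberId": member["id"],
                                "old": member.get("externalId"),
                                "new": object_id})
    return updates, unmatched, ambiguous

# Constructed sample data (not real accounts or IDs).
BW_MEMBERS = [
    {"id": "m-1", "email": "alice@example.com", "externalId": None},               # created manually
    {"id": "m-2", "email": "bob@example.com", "externalId": "bob@example.com"},    # old, wrong mapping
    {"id": "m-3", "email": "carol@example.com", "externalId": "00000000-0000-0000-0000-00000000000c"},
    {"id": "m-4", "email": "dave@example.com", "externalId": None},                # not in the directory
]
AAD_USERS = [
    {"id": "00000000-0000-0000-0000-00000000000a", "mail": "Alice@Example.com", "userPrincipalName": "alice@example.com"},
    {"id": "00000000-0000-0000-0000-00000000000b", "mail": "bob@example.com", "userPrincipalName": "bob@example.com"},
    {"id": "00000000-0000-0000-0000-00000000000c", "mail": "carol@example.com", "userPrincipalName": "carol@example.com"},
]

if __name__ == "__main__":
    updates, unmatched, ambiguous = plan_external_id_updates(BW_MEMBERS, AAD_USERS)
    for u in updates:
        print(f"{u['memberId']}: externalId {u['old']!r} -> {u['new']!r}")
    print("unmatched:", unmatched, "ambiguous:", ambiguous)
```

Members reported as ambiguous share an address with more than one directory account, so linking them by email alone could attach a vault membership to the wrong identity.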