Azure AD User Sync integration is getting disabled / Error message shown in Azure AD User Sync card
Helpguide --> https://help.sdpondemand.com/azure-ad-user-syncWhen the integration is automatically disabled or the sync is not running, it might be due to one of the following reasons.
These errors will be displayed in the Integration Card and will also appear in the Sync Report.
These errors will be displayed in the Integration Card and will also appear in the Sync Report.
a. When there is no error message in the Azure AD User Sync card
We have a 20,000 user limit for sync via Azure AD User Sync. Once this limit is exceeded, the integration will be disabled automatically.
Kindly drop an email to the support team to verify the same.
b. User sync stopped because the Org Admin role has been revoked from the admin who enabled this integration. Please re-enable the integration to resume user sync.
The OrgAdmin role is necessary for the sync to function.
If the OrgAdmin role is downgraded for the user who enabled the integration, the sync will stop running.
This error will be shown in the Integration Card.
Re-enabling the integration with the required role will fix this.
c. User sync stopped because the Org Admin who enabled this integration has been removed from the application. Please re-enable the integration to resume user sync.
The user who enabled the sync must be present in the instance for it to work.
If the user is deleted, the sync will stop, and this error will be displayed in the Integration Card.
Re-enabling the integration with the required permissions will fix this.
If the user is deleted, the sync will stop, and this error will be displayed in the Integration Card.
Re-enabling the integration with the required permissions will fix this.
d. User sync stopped because the token has been invalidated. Please re-enable the integration to resume user sync.
Re-enabling the integration will fix this.
The token used to add users in IAM is either not stored correctly or has been invalidated for some reason.
In this case, the sync will stop, and this error will appear in the Integration Card.
e. User import failed because the logged-in user count has reached the maximum limit. Please contact servicedeskplus-cloud-support@manageengine.com to increase the limit.
By default, 1000 login slots are provided by IAM. Once this limit is reached, no more users can be added to ESM, and this error will be displayed during sync. Kindly contact the SDP Cloud support team to increase the count.
- Once increased, the sync will resume during the next scheduled run.
- If user space is available but the error still appears, please advise the user to trigger a Restart Sync.
New to ADSelfService Plus?
Related Articles
Users not added/updated to SDP - Azure AD User Sync
Helpguide --> https://help.sdpondemand.com/azure-ad-user-sync a. Check whether Initial Sync is completed When Azure AD has a large set of users, it might take time to process and sync all of them. Once the Initial Sync is completed, all users would ...Azure AD User Sync – Overview
Helpguide --> https://help.sdpondemand.com/azure-ad-user-sync Azure AD User Sync, when enabled, gets users from Azure periodically and adds/updates/deletes them in SDP. The sync flow is mainly categorized into 2 parts: Initial Sync and Incremental ...Microsoft Azure Integration Card Error
a. Error message in Microsoft Azure card - "Authentication failed for MS Azure Global admin account. Please authenticate again." Re-enabling the integration will resolve the issue. The authenticated token may have been invalidated due to certain ...Users are not deleted/login revoked - Azure AD User Sync
Ensure the configurations are selected correctly by navigating to: Setup → Apps and Add-ons → Integrations → Azure AD User Sync. Also, verify that the user has been synced at least once previously through Azure AD User Sync or Import from Azure. This ...Microsoft Azure Integration and its benefits
Kindly refer to this link for more info about this integration, https://help.sdpondemand.com/azure_integration Why does this integration have to be enabled separately? This is an additional authentication step implemented to enhance the existing ...