Azure AD (Microsoft Entra id) is showing error while provisioning

vdivakar · February 29, 2024, 6:12am

Hi,
We are configuring Azure AD (Now Microsoft Entra id), Test connection is successful.
We have ensured all the permissions are given to the client id and secret.

We are getting following error while provisioning account into Azure AD.

“Unkown Account Type provided in request”

What is valid value for account type attribute in Azure AD ?

Sharing Provisioning Policy for reference

[
    {
        "name": "Account",
        "description": null,
        "usageType": "CREATE",
        "fields": [
            {
                "name": "accountType",
                "transform": {
                    "type": "static",
                    "attributes": {
                        "value": "AzureADMyOrg"
                    }
                },
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "userPrincipalName",
                "transform": {
                    "type": "rule",
                    "attributes": {
                        "name": "Create Unique Account ID"
                    }
                },
                "attributes": {
                    "template": "$(firstname).$(lastname)$(uniqueCounter)@abcoutlook.onmicrosoft.com"
                },
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "password",
                "transform": {
                    "type": "static",
                    "attributes": {
                        "value": "<Password>"
                    }
                },
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "displayName",
                "transform": {
                    "type": "identityAttribute",
                    "attributes": {
                        "name": "displayName"
                    }
                },
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "mailNickname",
                "transform": null,
                "attributes": {
                    "template": "$(firstname).$(lastname)$(uniqueCounter)"
                },
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "accountEnabled",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "boolean",
                "isMultiValued": false
            },
            {
                "name": "department",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "jobTitle",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "passwordPolicies",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "otherMails",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "givenName",
                "transform": {
                    "type": "identityAttribute",
                    "attributes": {
                        "name": "firstname"
                    }
                },
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "surname",
                "transform": {
                    "type": "identityAttribute",
                    "attributes": {
                        "name": "lastname"
                    }
                },
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "usageLocation",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "forceChangePasswordNextSignIn",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "boolean",
                "isMultiValued": false
            },
            {
                "name": "country",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "state",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "city",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "streetAddress",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "postalCode",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "physicalDeliveryOfficeName",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "telephoneNumber",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "mobile",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            },
            {
                "name": "facsimileTelephoneNumber",
                "transform": null,
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
            }
        ]
    }
]

Has anyone faced this error before ?

All insights are welcome.

Thanks

DeepanshuBisht · February 29, 2024, 7:04am

Hi Vaibhav,
The error message “Unknown Account Type provided in request” indicates that there might be an issue with the value provided for the “accountType” attribute in your provisioning request.

In your provisioning policy, the value for “accountType” attribute is set as “AzureADMyOrg”. This value is not a standard account type in Azure Active Directory (AAD).

In Azure AD, when creating a user, you typically don’t specify an “accountType” attribute directly. Instead, users are created as regular Azure AD users by default.

Is this attribute mandatory? Can you give it a go without specifying AccountType as well?

vdivakar · February 29, 2024, 7:45am

Hi @Deepanshu Bisht, If I give create policy without accountType attribute then I am getting following error

[“[ConnectorError] Error occurred in create user (requestId: dd8a60bc7ed6426a860c7d011f50dd6f)”,“[ConnectorError] Error occurred in create user (requestId: dd8a60bc7ed6426a860c7d011f50dd6f)”]

DeepanshuBisht · February 29, 2024, 10:43am

Got it.
Which means it is a mandatory field and is not putting a default value for accounttype.
Try utilizing other accounttypes below are the available accounttypes in Azure AD

Also cross validate the application for which you are trying to create the account for what type of account does it support and provide that same accounttype in your provisioning plan.

KevinHarrington · February 29, 2024, 2:31pm

Try “User”. According to the documentation here that is the default value. Create Profile Policy (sailpoint.com)

I don’t see any indication in your second error message posted that the error is tied to the accountType field. I have a hunch that the provisioning is failing for some other reason when accountType is empty and populating an invalid value for accountType just causes it to fail earlier.

anagha · March 1, 2024, 2:51pm

In Azure Active Directory (Azure AD), the valid values for the accountType attribute depend on the type of account you are working with. Here are the common account types and their corresponding values:

User Account:

User: Indicates a standard user account in Azure AD.

Guest Account:

Guest: Indicates a guest user account, which is a user from another Azure AD or a Microsoft account.

Service Principal:

ServicePrincipal: Indicates a service principal account, which is used for non-interactive applications and automation scenarios.

Group:

Group: Indicates a security group in Azure AD.

Application:

Application: Indicates an application registered in Azure AD.

vdivakar · March 1, 2024, 3:17pm

Thanks,
I have tried putting all these values one by one, but it did not work.

coelhoya2 · March 1, 2024, 10:11pm

Hi, this field it’s not mandatory and can be let disabled unless i’ts B2C account and by the doc should be set as Guest User B2B .
https://documentation.sailpoint.com/connectors/microsoft/azure_ad/help/integrating_azure_active_directory/create_account_policy.html

system · April 30, 2024, 10:12pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Azure AD Create Account Profile Error ISC Discussion and Questions identity-security-cloud , provisioning	5	159	September 27, 2024
Getting error while provisioning account in Active Directory ISC Discussion and Questions identity-security-cloud , provisioning	2	3214	July 19, 2023
Error Creating new Azure Ad account using Azure AD aconnector ISC Discussion and Questions	2	353	July 19, 2023
Hybrid Provisioning in AD and Azure AD ISC Discussion and Questions identity-security-cloud , provisioning	9	549	December 10, 2023
AD Accounts Creation with empty values ISC Discussion and Questions identity-security-cloud	3	451	February 16, 2024

Azure AD (Microsoft Entra id) is showing error while provisioning

Related topics