Genesys Cloud SCIM - Azure AD Sync - Update

Once a person has been synced over from AD, if I modify something like their title, department, etc. in Genesys Cloud (which are mappings in SCIM), the next time Azure syncs, my changes stay. I had assumed that SCIM would sync Genesys to whatever is set up in AD each time it synced, overwriting whatever change I made in Genesys, but it appears changes made in Genesys override that. Please help or point me to what is expected behavior.

Good morning, any thoughts or feedback?

So this response was generated by Richard Schott, but for some reason he can't log in so I am passing it along:

Azure never checks for user updates in the external system unless the entire sync process is restarted within Azure (i.e. clear cache and resync, see screenshot below). They expect that external changes will be synced back into Azure. Our Azure AD app is strictly a one-way sync operation, with Azure being the “source of truth”. If another attribute on the user were to change within Azure, they would republish the entire user back to us, overwriting the changed values in Genesys Cloud. However, if the user never changes in Azure, then the changes will persist in Genesys Cloud indefinitely.

To force a complete resync, click this in Azure AD:

Required assistance with Azure SCIM integration,

Currently, in our ORG we use SCIM integration with Azure AD.
We have two divisions, SALES & SERVICE. During the Azure to Genesys Cloud sync process, we assign the division name to a constant in Azure and push it as "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:SALES".
By default, all users are synced to Genesys Cloud with the division SALES, and then we manually update the users to the correct division in Genesys Cloud, i.e., manually change the division from SALES to SERVICE for some users and save them.

From time to time we noticed that when we manually move a user to the SERVICE division who was synced from Azure with the division SALES, the user moves back to the SALES division after some time even though no changes were made in Azure AD.

It is causing issues with the Dashboard agent status view, where dashboard roles are restricted to divisions. When an agent is incorrectly moved from the SERVICE division to SALES, it stops displaying the agent status dashboard, and we have to find the user who was moved to the incorrect division during the sync process and change it again, and then the dashboard displays correctly.

Question:

I would like to check how we assign different divisions if we have created a single application for SSO setup and also configured SCIM integration for auto-provisioning. We tried in the groups and it doesn't have the same target attributes.
Is there a different way we can map the user to each division within Azure when using a single application?

What is the solution for the dashboard agent status view when users are synced to a different division by Azure? I don't want to give privileges to the other division to fix this issue.

Even though we are not making any changes in Azure AD, why are the changes to the division in Genesys Cloud not staying? I.e., it is reverting to the mapped division in Azure.

The division changing within Genesys Cloud was most likely initiated by Azure AD as part of a resync. Azure is in complete control over when they send updates to Genesys Cloud; if they send an update then Genesys Cloud will honor it. The fact that you have division set as a constant means that the changes you've performed in Genesys Cloud will eventually be overwritten.

An alternate approach would be to use an expression to determine what division should be sent to Genesys Cloud based on an attribute within Azure (something like the IIF expression evaluating the department could be an option: https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/functions-for-customizing-application-data#iif).

Alternatively, if not being used for other purposes, you could map the department (or some other standard attribute) to provide the value for division. Lastly, you could leverage one of the extension attributes (https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-schema-extensions) as a store for the division value.
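
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Azure or Genesys code: a simplified Python model of one-way provisioning that compares a constant division mapping with one derived from department (the role an IIF expression would play). The class, the function names, and the sample user and its "Service" department value are all constructed for illustration.

```python
# Simplified model of one-way provisioning (Azure AD -> Genesys Cloud).
# Every name here is hypothetical; this is not either product's API.

def constant_division(user):
    # Mapping of type "constant": every user is published as SALES.
    return "SALES"

def division_from_department(user):
    # Plays the role of an IIF expression evaluated on department.
    return "SERVICE" if user["department"] == "Service" else "SALES"

class OneWaySync:
    def __init__(self, mapping):
        self.mapping = mapping
        self.source = {}    # Azure AD users (source of truth)
        self.target = {}    # Genesys Cloud users
        self.dirty = set()  # users changed in Azure since the last cycle

    def set_source(self, name, **attrs):
        self.source.setdefault(name, {}).update(attrs)
        self.dirty.add(name)

    def incremental_cycle(self):
        # Only users changed in Azure are sent; the target is never read back.
        for name in sorted(self.dirty):
            user = self.source[name]
            # The whole user is republished, mapped attributes included.
            self.target[name] = {**user, "division": self.mapping(user)}
        self.dirty.clear()

    def full_resync(self):
        # Restarting provisioning republishes every user.
        self.dirty = set(self.source)
        self.incremental_cycle()

def run_scenario(mapping):
    sync = OneWaySync(mapping)
    sync.set_source("agent1", department="Service", title="Agent")  # constructed
    sync.incremental_cycle()
    sync.target["agent1"]["division"] = "SERVICE"    # manual edit in Genesys Cloud
    sync.incremental_cycle()                         # nothing changed in Azure
    after_idle = sync.target["agent1"]["division"]
    sync.set_source("agent1", title="Senior Agent")  # unrelated change in Azure
    sync.incremental_cycle()
    after_update = sync.target["agent1"]["division"]
    return after_idle, after_update

if __name__ == "__main__":
    print("constant mapping:  ", run_scenario(constant_division))
    print("department mapping:", run_scenario(division_from_department))
```

With the constant mapping the manual division change survives idle cycles and is lost as soon as any other attribute of the user changes in Azure; with the department-derived mapping the republished value is already the intended one.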