Good day community.
We are experiencing an issue where the wrong AD account is linked with a Genesys user.
This causes both users to fail to sync via SCIM. (Using the Azure AD Sync App)
Removing the users from provisioning does not work as the sync operation fails because the of the incorrect account link.
User 1 does not sync as it sees a 'duplicate' of itself (This is the Genesys account that is not linked to AD account)
StatusCode: BadRequest Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: {"status":"409","scimType":"uniqueness","detail":"Duplicate value for "person" contactInfo.email_main="constantino.armando@solucaocc.co.ao";\n contextId:[ 459792b2-ea53-46f3-b1ee-8db6111941a8 ]","schemas":["urn:ietf:params:scim:api:messages:2.0:Error"]}. This operation was retried 2 times. It will be retried again after this date: 2023-07-15T03:12:27.9654082Z UTC
User 2 does not sync as the Genesys account is linked to user 1 AD account
Azure Active Directory entry cd9199eb-b537-40e3-bcab-0cb30a2567bb matches the customappsso entry 1c0d8aa9-26d5-4f88-ac45-a04b8835df07 based on the userName value { Add:"claudio.costa@quality.co.ao" (Source) }. However, the Azure Active Directory entry e0c0d7da-816b-4acc-b236-5873ae62e3b6 has already been matched with the customappsso entry 1c0d8aa9-26d5-4f88-ac45-a04b8835df07. Consider deleting the Azure Active Directory entry cd9199eb-b537-40e3-bcab-0cb30a2567bb, or at least not granting it access to customappsso. This operation was retried 0 times. It will be retried again after this date: 2023-07-14T15:52:22.3006746Z UTC
Not 100% sure how this happened.
I suspect user 1 AD account had user 2's email address configured on the AD field we use to match users and then linked to the 'wrong' account.
Is it possible to 'force' a user to de-sync via the API? (Destroy the AD-Genesys link for user)