What does 'Test Connection' do in Azure AD Enterprise application?


  • I am trying to configure an SCIM service (BYOA) with AzureAD Enterprise Application from Azure Portal (new). My SCIM endpoint is 'https://scim.myapp' where resources can be accessed as 'https://scim.myapp/scim/Users'. So the base URL I am trying to set is 'https://scim.myapp'. 

    But when I try to configure with a valid token, and do a 'Test Connection' it gives an error saying,

    'You appear to have entered invalid credentials. Please confirm you are using the correct information for an administrative account.'

    What is this 'Test Connection' trying to do? Is there a way I can see these requests?

    Wednesday, March 8, 2017 6:04 AM

  • Test Connection simply tries to authenticate to the provided tenant URL (which should be the SCIM service endpoint) using the provided token.

    Perhaps the tenant URL entered isn’t the SCIM service endpoint? You mentioned the endpoint is 'https://scim.myapp' but the screenshot shows a URL ending in “.net”

    Also, the endpoint needs to be publicly reachable in the cloud.

    Thursday, March 9, 2017 6:59 AM
  • I didn't share the actual URL; 'scim.myapp' is just a name. The tenant URL is correct. I figured out the issue by enabling Application Insights in my Azure deployment.

    The error message is misleading; it was not an authentication error. When the URL is invalid (https://scim.myapp/blahblah), it returns a 404, but AzureAD accepts that as a valid URL and Test Connection passes, which is not correct. When the correct URL 'https://scim.myapp' is provided, it tries to execute Get Users/[azureAD object Id] URLs, which returned HttpStatus 500 from my API, where AzureAD assumes it's an authentication issue. I had to fix it to send 404.

    It would have been really nice if AzureAD displayed the requests and responses in this UI.

    Friday, March 10, 2017 2:32 AM
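
The fix described in the last reply, as an added example that is not part of the thread or the poster's code: a GET on `/scim/Users/{id}` that answers 404 for an unknown id and reserves 401 for a bad token, so a lookup failure never surfaces as 500. The token, user store, function names and the SCIM 2.0 (RFC 7644) error body are assumptions made for illustration.

```python
import hmac
import json

# Constructed sample data: placeholder token and one user, not from the thread.
EXPECTED_TOKEN = "example-placeholder-token"
USERS = {"2819c223": {"id": "2819c223", "userName": "alice@example.com"}}
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"


def scim_error(status, detail):
    # SCIM error body (RFC 7644 section 3.12); status is carried as a string.
    return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}


def get_user(auth_header, user_id, users=USERS):
    """Return (http_status, body) for GET /scim/Users/{user_id}."""
    # Only a bad or missing token may produce 401.
    scheme, _, token = (auth_header or "").partition(" ")
    token_ok = hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode())
    if scheme.lower() != "bearer" or not token_ok:
        return scim_error(401, "invalid or missing bearer token")
    # An unknown id is an expected case: answer 404. Letting a failed lookup
    # (for example users[user_id] raising KeyError) surface as 500 is the
    # behaviour the post above describes.
    user = users.get(user_id)
    if user is None:
        return scim_error(404, f"Resource {user_id} not found")
    return 200, {"schemas": [USER_SCHEMA], **user}


def app(environ, start_response):
    """Minimal WSGI wrapper; serves only GET /scim/Users/{id}."""
    path = environ.get("PATH_INFO", "")
    prefix = "/scim/Users/"
    is_get = environ.get("REQUEST_METHOD") == "GET"
    if is_get and path.startswith(prefix) and len(path) > len(prefix):
        status, body = get_user(environ.get("HTTP_AUTHORIZATION"), path[len(prefix):])
    else:
        status, body = scim_error(404, "unknown endpoint")
    payload = json.dumps(body).encode()
    reason = {200: "OK", 401: "Unauthorized", 404: "Not Found"}[status]
    start_response(f"{status} {reason}", [("Content-Type", "application/scim+json"),
                                          ("Content-Length", str(len(payload)))])
    return [payload]
```

The `app` callable can be served locally with `wsgiref.simple_server.make_server` to watch the status codes a client receives.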