u/Impressive_Lettuce22

▲ 1 r/entra

SCIM role sync loop

I'm trying to implement SCIM provisioning within my app and I've got it mostly working. The last thing is getting role assignments down. However, I'm running into a sync loop issue because I can't seem to figure out what Entra is expecting during the GET request diff comparison.

I have roles multi-value checked and with the expression AppRoleAssignmentsComplex([appRoleAssignments]) on the actual mapping. The provisioning logs consistently show something like {"id":"123-some-id","value":"admin","displayName":"Admin"} as the new value being set.

I've tried multiple formats for the user's role attribute within my app for Entra's GET request diff, even going as far as to hard-code the exact same hash. And I did verify my user's roles structure by doing my own GET request to my server.

I'm at a loss here on what I'm doing wrong. Perhaps I've missed something crucial within the documentation about this? Also, while it's not the end of the world as it's ultimately just going to be some noisy logs with unnecessary PATCH requests, it does feel a bit messy.

Any help here would be appreciated.
