SSO and SCIM Provisioning with different mail and user principal name

I am trying to figure out how I need to configure SCIM Provisioning in Microsoft Entra in case the user principal name (upn) is not the same as the “mail” attribute.

Our company has multiple top-level domains. In this case the global domain, used as user principal name is always example**.com**. The user attribute “mail” is based on the top level domain of the user location, like example**.de** or example**.com**.

After configuring SCIM provisioning for my users, they are shown in the UI, but after logging in with their mail or upn, the SCIM provisioning state of the user is stuck at “pending scim”. The shown mail address is the upn domain example**.com**.


I followed these instructions to setup SCIM provisioning:

Hi there, Thanks for reaching out and appreciate for explaining the details!
Usually, “Pending SCIM” appears next to users who have been provisioned via SCIM but haven’t logged into their accounts yet. Once a user logs into their account in Figma, “Pending SCIM” disappears.

If you still see “Pending SCIM” after the user logs into their account in Figma, I suggest to reach out to our support team directly from here:
So that they can take a closer look!


Hello @Junko3,
yes it still shows “Pending SCIM” after logging in.
I will reach out to the support.

Hello Kockmeyer_Florian, Thanks for replying! I confirmed that we received your ticket in our backend (ticket#: 896216) and our support team is currently working on it. Appreciate your patience in the meantime!

A post was split to a new topic: Is the pending SCIM the only option we have for SCIM?

Hi, We are experiencing same problem. Is this still on the backlog or is there some solution or workaround for this?