I had to create last week a demo onboarding workflow on 365 for a big Customer, The last part of it was (of course) the creation of the O365 user. When I tested, the action didn't work, even if it's normally configured (as I would do for any O365 tenants).
The only difference I can find from the usual case is that they are in Federated AD. Anyone already tried that in such an Infrastructure?
Solved! Go to Solution.
So the account that needs to be created must be added to a domain that does not match the one shared with the tenant, but is federated with the tenant domain in Azure.
Is this correct? If so, there must be a trust provided for this to be possible. Above this, there would be a limited amount of accounts that could do this through the trust. I don't have a way to test with you, but I would look at PowerShell to see if it is possible there first and find what the limitations are.
I have actually tried with powershell, it didn't work neither. We kept having this error "« Unable to create user. You must provide a required property: Parameter name: FederatedUser.SourceAnchor»."
Actually, searching on the net, I have found several comments around that case, and their solution was to verify that this tenant variable 'DirectorySynchronizationEnabled' was set to True.
We made a change on their tenant and it worked like a charm!
Perfect, nice find! I always try test with PowerShell when I can't get the changes I'm looking for. You usually find more clues that way like you have. Feel free to mark your response as correct. Looking forward to your blog on the solution, sounds like an awesome scenario on how to use Nintex Workflow in O365!