Hello all,

I have on prem AD users and groups syncing to AAD, which I then provision to SNOW. Everything from AD to AAD is syncing correctly, however I am unable to get group memberships to sync over to SNOW.

I have the Scope option in AAD for the SNOW app set to "Sync all users and groups" and have assigned a couple of groups under Users and Groups to the SNOW app.

However the provisioning only shows 2 groups being sync'd over. If I provision on demand, the group will sync over, but with no members.

What am I missing? Shouldn't all users regardless of if they are assigned to SNOW or not be provisioned based on the scoping settings?