Jesuits Confluence

Custom Profiles in Azure AD Single sign on

We tried to set up single sign on in Azure AD. We followed all the steps from the tutorial

In step 3, assigning users to Salesforce, we don't see the custom profiles from Salesforce. We see only standard profiles.
We tried JIT user provisioning with standard type but still no custom profile is available on the Azure AD side.

Does anyone know any fix for this? Thanks in advance
Jesuits Confluence
To provide more detail, there are two issues we have not been able to resolve or find clear insight on through the available documentation.

1) Production Setup: 

When we perform the task in Active Directory to Assign a User, we do not see any of the custom profiles that exist in Salesforce. In our developer instance and a test Azure Active Directory, every profile, including a custom one, is available.

2) Test Setup: 

Once the initial setup is completed, we see all the profiles from Salesforce available to assign to a user in Active Directory. However, if a new custom profile is created, it never seems to become available in Active Directory.

Any ideas on what to try or other resources?
Tim Gagne
We ran into the same issue. We got around it by going to the new Azure portal ( All of the custom profiles were there and after assigning a custom profile, they were also available in the old Azure portal as well. Hope this helps!
Mahmood Syed 6
I am running into the same issue where I cannot see any custom profiles in the dropdown in MS Azure AD. I tried using the new portal, still no luck. Can someone please help me with this? Is there any other way I can fix this? Thanks for your help. Mahmood
Tim Gagne
The "new portal" must have been a fluke for us. Now all of a sudden a single custom profile is missing...
Ane Bjerge
We have the same problem with a single custom profile missing in Azure AD. Is there any way to fix this now?
Fabien Turcotte
Anyone got around this issue without having to open a ticket with Microsoft?
I have the same problem. Only some standard profiles or "roles" are shown. Anyone?
Kyle Burke 7
Hey guys, just wondering if anyone has had any success with this since the last post in July 2019? Same exact issue being experienced here.. with the added problem of me ticking the update box which led to everyone's custom profiles being reassigned to 'standard user'... fixed now thankfully!
This post appeared in my Google search while looking for an answer. Lots of questions above over the years, but no one leaving an answer, or coming back to say how they solved it. ;)

I'm not an Azure AD expert, but as of Jan 2021, I will say that the way I got this working was setting up Auto Provisioning in Azure AD so that Azure can call into and read the target Salesforce org. Let the provision run once, and then once that was done, go back to setting up your users in Azure AD and all the profiles were up to date. There didn't seem to be a way to have an accurate profile list of your target org without doing this, or at least I couldn't find another way.

Note that turning on and configging auto-provisioning is something else beyond my response, mainly because I couldn't get it to work with my Developer Edition. :P

I was trying to set this up in a Salesforce Developer Edition, and while I could connect to the org, I could never get provisioning to work because my Developer org had two profiles both named "Authenticated Website". Azure wouldn't sync because it expected a unique name for the list of profiles. Makes sense, SF doesn't let you create profiles with the same names, but in looking at all my developer edition trial orgs, they had the same problem. No idea why.

But if you got yourself a production org, then maybe this tutorial will be helpful:

Good luck!
Mohammed Gheita
Hi All, 

Encountered the issue as well with only standard profiles displaying. Try the following: 

1) Go to the provisioning section in Azure.
2) Under the option Provisioning mode, select 'Automatic'. 

Carol Ferreira 1
I'm still facing this issue, none of my custom profiles appear in AD. Has anyone found a way to fix this?

Thanks in advance!
陽介 栗田 9
Use the data loader to edit either of the duplicate profile names.
This will eliminate the duplicate profile names so that you can get the correct profile names in AAD from the developer environment.

One more thing!
Please make sure to check the Enable Single Sign-On checkbox in your profile settings.
Integrate Salesforce with Azure AD for Single Sign-On

Below are the steps to update the profiles in the Azure AD Salesforce Enterprise Application
  1. Go to the Salesforce Enterprise App in Azure
  2. Click "Provisioning" (Provisioning must be set to "Automatic")
  3. Click "Update Credentials"
  4. Click the arrow to expand "Admin Credentials"
  5. Re-add the credentials (username, password and security token) and test it to confirm
  6. Save the changes and close the Provisioning window
  7. Click "Users and groups"
  8. Click "Add user/group"
  9. Select the Profile from the list (All profiles in your org should be listed)
  10. Select the user or group
  11. Click "Provisioning"
  12. Click "Provision on Demand"
  13. Select the user(s) and/or group(s) you added and complete the provisioning process. Check for provisioning errors
  14. Test Single Sign-On from Microsoft My Apps by clicking the Salesforce Icon

You may need to make additional changes depending on your configuration. Contact me or reply to this post if you need additional support.

Please give a thumbs up if this guidance was useful to you.


Vincent Chen 36
That information was not what he was originally asking for. He was looking to set up custom profiles not to enable user provisioning.

If you don't want to provision users and don't want to choose a role you need to do:


  1. App registration
  2. Manifest change isEnable > false
  3. App roles > delete them all.
  4. Add the users in the enterprise application

Manage the users in Salesforce instead with your custom roles.
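
An added example, not part of the post above: the manifest edit in steps 2 and 3 done as two passes over the app registration manifest JSON, since an app role has to be saved with `isEnabled` set to false before it can be deleted. The manifest, its ids and its role names are constructed sample data, and the function names are hypothetical.

```python
import copy
import json

# Constructed sample: a trimmed app-registration manifest with two app roles.
# The ids, names and values are made up for illustration.
SAMPLE_MANIFEST = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "appRoles": [
    {"id": "11111111-1111-1111-1111-111111111111",
     "displayName": "Standard User", "value": "Standard User",
     "allowedMemberTypes": ["User"], "isEnabled": true},
    {"id": "22222222-2222-2222-2222-222222222222",
     "displayName": "System Administrator", "value": "System Administrator",
     "allowedMemberTypes": ["User"], "isEnabled": true}
  ]
}
""")


def disable_app_roles(manifest):
    """Pass 1: return a copy with every app role disabled (save this first)."""
    out = copy.deepcopy(manifest)
    for role in out.get("appRoles", []):
        role["isEnabled"] = False
    return out


def delete_app_roles(manifest):
    """Pass 2: return a copy with appRoles emptied.

    Refuses to run if any role is still enabled, because the role has to be
    saved as disabled before it can be removed.
    """
    still_enabled = [r["displayName"] for r in manifest.get("appRoles", [])
                     if r.get("isEnabled", True)]
    if still_enabled:
        raise ValueError("disable and save these roles first: "
                         + ", ".join(still_enabled))
    out = copy.deepcopy(manifest)
    out["appRoles"] = []
    return out


if __name__ == "__main__":
    step1 = disable_app_roles(SAMPLE_MANIFEST)   # paste and save in the portal
    step2 = delete_app_roles(step1)              # then paste and save again
    print(json.dumps(step2, indent=2))
```

With no app roles left on the application, no role is offered when a user is assigned, and profile assignment stays in Salesforce.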