Which part? Which one?
SSO / SCIM provisioning (Azure AD / Entra)
Description
Customer following the Azure AD SCIM guide ran into “Invalid Patch Operation” errors during Azure’s periodic PATCH updates (active=true), and deprovisioning becomes unreliable or confusing. The docs don’t mention this limitation, which leads to support cases and quarantine concerns.
Suggested Solution
Add a short “Known limitations” note to https://docs.sentry.io/organization/authentication/sso/azure-sso/ explaining:
- Sentry’s SCIM PATCH only supports active=false (deprovision)
- Azure sends periodic PATCH updates that may error but do not block provisioning
- Disabling “Update” in Azure breaks deprovisioning
- If a user is stuck as idp:provisioned, removal can be done via SCIM DELETE API
Link to existing bug: getsentry/sentry#114322
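
The PATCH shapes discussed above, as an added example that is not part of the original issue or Sentry's code: a Python helper that labels SCIM PatchOp bodies (RFC 7644) so provisioning logs can be split into deprovision requests and the periodic active=true updates. The sample bodies are constructed, and the handling of capitalised op names, string booleans and the no-path form is an assumption about what an IdP may send.

```python
import json

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample bodies (not captured traffic).
DEPROVISION = json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "Replace", "path": "active", "value": "False"}]})
PERIODIC = json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "replace", "value": {"active": True}}]})

def _as_bool(value):
    """Normalise JSON booleans and string forms such as "False"."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    return None

def active_changes(body):
    """Return one entry per attribute change: True/False for `active`, else None."""
    changes = []
    for op in body.get("Operations", []):
        path, value = op.get("path"), op.get("value")
        if str(op.get("op", "")).lower() != "replace":
            changes.append(None)  # add/remove: not an active toggle
        elif path is None and isinstance(value, dict):
            # No-path form: value maps attribute names to new values.
            for attr, new in value.items():
                changes.append(_as_bool(new) if attr == "active" else None)
        elif path == "active":
            changes.append(_as_bool(value))
        else:
            changes.append(None)  # some other attribute
    return changes

def classify(raw):
    """Label a PATCH body as 'deprovision', 'reactivate' or 'other'."""
    body = json.loads(raw)
    if PATCH_SCHEMA not in body.get("schemas", []):
        return "other"
    changes = active_changes(body)
    if changes and all(c is False for c in changes):
        return "deprovision"  # the only shape the issue says is supported
    if changes and all(c is True for c in changes):
        return "reactivate"   # the periodic active=true update from the issue
    return "other"
```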