I’d like to know if we’re going about this the wrong way or it is a bug in the SCIM process that we’ve set up for user provisioning, so any feedback would be appreciated.
Scenario:
Enterprise organization, SCIM enabled for provisioning from Azure AD.
- Provision a user in the app by adding it to the Azure AD enterprise app (either directly or via a group).
- Wait for the user to be added in Bitwarden.
- User tries the solution, determines they don’t need it. Remove user from the enterprise app in Azure AD. User gets status ‘revoked’ in Bitwarden from the automatic provisioning process that runs every 40 mins or so.
- User apparently needs access after all, and is re-added to the Azure AD enterprise app. Still exists in Bitwarden, so I just restore the access in the portal.
- SCIM provisioning fails when trying to add the user again because it already exists.
The user itself is fine and can use the service, but SCIM keeps failing and retrying the user with each cycle. Shouldn’t this be detected and show as a ‘Skipped’ status in the provisioning logs rather than failing and being retried indeterminately? Do we have to fully delete the account (and their vault) before reprovisioning a user that has been provisioned once before?