Category: SCIM, API
Summary: Enforce limits to Group and User page count limit to avoid internal rate limits
Context: Currently there are no limits to the page size that may be requested with a GET api/v2/scim/users or api/v2/scim/groups. There are some third party SCIM integrations that try to use counts greater than 25 when trying to fetch all groups or users. These integrations can fail because of exceeding internal rate limits for the number of internal operations performed. To prevent those requests from failing we will limit the actual count performed to 25. This restriction is not performed if the query parameters “attributes” or “excludedAttributes” are used to limit the values returned for the Users or Groups.
Impact: The API may return fewer results than requested. This is allowed by SCIM RFC so should not impact properly behaving integrations or applications.
Date of Change: April 12, 2021.
Impacted APIs: GET api/v2/scim/users or api/v2/scim/groups with query parameter count greater than 25 and no value specified for query parameter “attributes” or “excludedAttributes”.
References: BPIVR-2289