SCIM deprovisioning fails when IP restriction is enabled and user has direct membership to projects

Summary

SCIM deprovisioning fails when IP restriction is enabled and user has direct membership to projects.

Steps to reproduce

1. Configure a group with SAML and SCIM
2. Restrict group access by IP address
3. Link SAML and SCIM identities to a user
4. Create a project in the group
5. Invite the user as a direct member of the project
6. Initiate a SCIM deprovision for the user

What is the current bug behavior?

SCIM request fails with a 403 and the user remains in the group

What is the expected correct behavior?

SCIM request succeeds as expected and removes the user from the group

Relevant logs and/or screenshots

audit_json: Attempting to access IP restricted group