SCIM deprovisioning fails when IP restriction is enabled and user has direct membership to projects
Summary
SCIM deprovisioning fails when IP restriction is enabled and user has direct membership to projects.
Steps to reproduce
- Configure a group with SAML and SCIM
- Restrict group access by IP address
- Link SAML and SCIM identities to a user
- Create a project in the group
- Invite the user as a direct member of the project
- Initiate a SCIM deprovision for the user
What is the current bug behavior?
SCIM request fails with a 403 and the user remains in the group
What is the expected correct behavior?
SCIM request succeeds as expected and removes the user from the group
Relevant logs and/or screenshots
audit_json: Attempting to access IP restricted group
Edited by Jiovanni Castillo