SCIM Troubleshooting

Common issues and solutions for SCIM provisioning problems.

Common Issues

CauseInvalid or expired SCIM token

SolutionRegenerate the token in SecureCodingHub and update it in your identity provider

NoteTokens don't expire automatically, but can be revoked by an admin

CauseUser with the same email already exists (created manually or via JIT provisioning)

SolutionSCIM will link to the existing user if the email matches. If the conflict persists, check for duplicate email addresses.

CauseOrganization has reached its maxSeats limit

SolutionRemove inactive users or upgrade your plan to increase the seat limit

CausePush Groups not enabled, or the group is not assigned to the application

SolutionEnable Push Groups in your IdP and verify the group is assigned to the SecureCodingHub app

CauseIdP sends PATCH with active=false, not DELETE

SolutionThis is expected behavior — SCIM deactivation sets the user to inactive without deleting their data

When troubleshooting, check the provisioning logs in your identity provider:

Identity Provider	Where to Find Logs
Okta	Applications → your app → Provisioning → Integration → View Logs
Azure AD	Enterprise Applications → your app → Provisioning → Provisioning Logs

All endpoints are relative to the base URL: https://api.securecodinghub.com/api/sch/scim/v2

Endpoint	Method	Description
`/Users`	GET	List users (with filter support)
`/Users`	POST	Create user
`/Users/{id}`	GET	Get user
`/Users/{id}`	PUT	Replace user
`/Users/{id}`	PATCH	Update user attributes
`/Users/{id}`	DELETE	Delete user
`/Groups`	GET	List groups
`/Groups`	POST	Create group
`/Groups/{id}`	PATCH	Update group members
`/Groups/{id}`	DELETE	Delete group

Still having issues? Contact support@securecodinghub.com with your organization name and the error details.