Azure SCIM user sync/delete error

[rkaplers]

Environment

self-hosted (https://develop.sentry.dev/self-hosted/)

Steps to Reproduce

1. Configure Azure SSO and SCIM based on https://docs.sentry.io/organization/authentication/sso/azure-sso/#scim-integration
2. Add or remove a user in Azure to Enterprise Application > Users and Groups
3. SCIM runs automatically every 40 minutes

Expected Result

1. User is added/updated or removed based on if he is present in Enterprise Application > Users and Groups

Actual Result

When adding user to Users and Groups in Enterprise application, SCIM successfully creates user on initial run.

Each subsequent SCIM runs produce error for every user:
Failure
Action: Update
UPN : xxxxxx
Type: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

Details
Error code: SystemForCrossDomainIdentityManagementServiceIncompatible

StatusCode: BadRequest
Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details.
Web Response:

{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
"detail": {
"Operations": {
"op": [""add" is not a valid choice"],
"value": ["value must be a boolean or object"]
}
}
}

I came across similar issue in a different thread: getsentry/sentry#79354, where OP suggested:
"Update: the original reported solved the issue by removing the "update" option from "Target Object Actions" in Azure."

It does resolve the issue with subsequent SCIM runs and the user creation works, however, user removal does not work.

Product Area

Settings - Auth

Link

No response

DSN

No response

Version

25.1.0

[getsantry]

Assigning to @getsentry/support for routing ⏲️