SCIM PATCH group membership throttling

Kyle Besecker 21 Reputation points
2023-01-26T22:24:40.9466667+00:00

I have an enterprise application with 10k users under 5 groups. The groups and users have been successfully provisioned. However, for the group membership, the requests get throttled. It looks like each time the group attempts to get their assignments, the entire membership appears to get re-assigned, but this causes requests to get throttled. Is there a reason why the memberships need to be entirely replayed each time Azure AD attempts to re-synchronize the users?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Danny Zollner 9,871 Reputation points Microsoft Employee
    2023-02-07T18:43:44.12+00:00

    What you're describing is working by design from the Azure AD side. The behavior of the generic SCIM connector offered with custom non-gallery applications is to send group memberships one per request. If the attempt to PATCH add/remove a group membership fails, it will be saved and retried later. Are you able to either temporarily or permanently increase the number of requests per second that your SCIM endpoint can accept so that the initial population of the group memberships can be done without the SCIM server sending 429s? There aren't many options on the client (Azure AD) side of this that will help you out here, unfortunately - the group memberships need to be sent over, and the 429s are going to cause that to take an incredibly long time as the generic SCIM connector doesn't have any request rate limiting available on it.

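The server side of the exchange described in the answer, as an added example that is not part of the original thread and not Microsoft's or any SCIM product's code: a handler that answers 429 with `Retry-After` once its request budget is spent, and applies one-member-per-request PATCHes idempotently so a saved and retried request leaves the group unchanged. The PatchOp body shapes accepted, the token-bucket limits and every function name here are assumptions for illustration.

```python
import math
import re

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
FILTER_RE = re.compile(r'^members\[value eq "([^"]+)"\]$')  # filter-style remove path

class TokenBucket:
    """Allows `rate` requests per second with bursts of up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def take(self, now):
        """Spend one token; return 0 if allowed, else seconds to wait."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return 0
        return max(1, math.ceil((1 - self.tokens) / self.rate))

def apply_group_patch(members, body):
    """Apply a PatchOp to a set of member ids in place; True if it changed."""
    if PATCH_SCHEMA not in body.get("schemas", []):
        raise ValueError("not a SCIM PatchOp")
    before = set(members)
    for op in body.get("Operations", []):
        # Compare the op name case-insensitively ("Add" and "add" both occur).
        verb, path = op.get("op", "").lower(), op.get("path", "")
        ids = {v["value"] for v in op.get("value") or [] if "value" in v}
        m = FILTER_RE.match(path)
        if m:
            ids.add(m.group(1))
        elif path.lower() != "members":
            raise ValueError("unsupported path: " + path)
        if verb == "add":
            members |= ids      # set union: re-adding a member is a no-op
        elif verb == "remove":
            members -= ids      # removing an absent member is a no-op
        else:
            raise ValueError("unsupported op: " + verb)
    return members != before

def handle_patch(bucket, members, body, now):
    """Return (status, headers) for one PATCH /Groups/{id} request."""
    wait = bucket.take(now)
    if wait:
        return 429, {"Retry-After": str(wait)}
    apply_group_patch(members, body)
    return 204, {}
```

In a real endpoint `now` would come from `time.monotonic()`, and `rate` and `burst` are the values to raise during the initial membership load.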