We have an issue with Azure SCIM provisioning. When a large number of users (ex: 5000 ) is added to a group, our API receives a massive number of requests and a rate limiting mechanism is activated. As a result some requests (not all) receive HTTP 429 response. Azure considers this update a failure and retries it after a while. The issue is that Azure retries the whole set of updates sending the same number of requests again and that triggers rate limiting again. We need Azure to be more "intelligent" and to retry only those request that actually failed (received HTTP 429). It seems that a similar issue was described here, but was not answered by Microsoft.
There is also a suspicion that Azure is not compliant with RFC 7644. In this page Azure expects HTTP 204 in response to Update Group [Add Members]. However, the RFC 7644, Section 3.5.2 says
On successful completion, the server either MUST return a 200 OK
response code and the entire resource within the response body,
subject to the "attributes" query parameter (see Section 3.9), or MAY
return HTTP status code 204 (No Content) and the appropriate response
headers for a successful PATCH request. The server MUST return a 200
OK if the "attributes" parameter is specified in the request.
We believe this may add to the retry issue.