Hi all, our customer is synchronizing users by configuring SCIM provisioning in Azure AD. In order to provide SCIM endpoint security, we have implemented rate limiting for SCIM service. After 2 days of normal operation,the requests sent by Azure AD suddenly reached the rate limit and our scim service blocked the requests for a short period of time, putting the customer's provisioning into quarantine.
I would like to ask if Azure AD's provision can recognize the 429 response (with Retry-After header) to slow down the rate at which it sends requests?
Also is it possible to tell if the rate at which Azure AD sends requests increases over time, or can you provide the rate at which Azure AD sends requests by default? Thanks!
I read the following paragraph in the documentation, it seems that Microsoft can adjust the sending request for the rate limitation of the target system, is there anything that the target system needs to do in order to implement this? For example, in response to 429(with Retry-After header).
- Request rate limits and throttling implemented by the target system. Some target systems implement request rate limits and throttling, which can impact performance during large sync operations. Under these conditions, an app that receives too many requests too fast might slow its response rate or close the connection. To improve performance, the connector needs to adjust by not sending the app requests faster than the app can process them. Provisioning connectors built by Microsoft make this adjustment.
from https://learn.microsoft.com/en-us/entra/identity/app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user#how-long-will-it-take-to-provision-users