Deploy CLI Error "SCIM request failed with statusCode 403 (insufficient_scope). Insufficient scope, expected any of: read:scim_config"

Overview

When using the deploy CLI, the following error is observed:

SCIM request failed with statusCode 403 (insufficient_scope). Insufficient scope, expected any of: read:scim_config.

There is no SCIM enabled on any of the connections.

This article details why this error is appearing.

Applies To

  • Deploy CLI
  • SCIM
  • Enterprise Connections

Cause

The deploy CLI calls the Get a connection’s SCIM configuration endpoint for all enterprise connections regardless of whether SCIM is enabled. The endpoint requires the “read:scim_config” scope.

If the endpoint returns 404, SCIM will be considered disabled, but if the “read:scim_config” scope is not present in the access token, it will return an insufficient scope error.

Solution

In the Machine-to-Machine Applications section of the Management API settings, grant the “read:scim_config” scope to the deploy CLI’s application.

Related References