Overview
When using the deploy CLI, the following error is observed:
SCIM request failed with statusCode 403 (insufficient_scope). Insufficient scope, expected any of: read:scim_config.
There is no SCIM enabled on any of the connections.
This article details why this error is appearing.
Applies To
- Deploy CLI
- SCIM
- Enterprise Connections
Cause
The deploy CLI calls the Get a connection’s SCIM configuration endpoint for all enterprise connections regardless of whether SCIM is enabled. The endpoint requires the “read:scim_config” scope.
If the endpoint returns 404, SCIM will be considered disabled, but if the “read:scim_config” scope is not present in the access token, it will return an insufficient scope error.
Solution
In the Machine-to-Machine Applications section of the Management API settings, grant the “read:scim_config” scope to the deploy CLI’s application.