Entra ID SCIM with Auth0 throws "Change enumeration is not supported on scaled partition" error

I am following this Auth0 guide for integration with SCIM and Microsoft Entra ID. It throws the following error when trying to do an incremental sync. The initial synchronization always works fine; the incremental one does not.

Response: {"odata.error":{"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"Change enumeration is not supported on scaled partitions."}}}


The provisioning logs do not throw any errors.

And the Auth0 logs show a get all users request with the following pattern (that UUID does not exist and is different in each provisioning restart). After this query, the application enters quarantine without giving further explanation in the logs.

{
  "action": "get_users",
  "connection_id": "XXX",
  "request": {
    "method": "get",
    "path": "/scim/v2/connections/XXX/Users",
    "query": {
      "filter": "userName eq \"2d3e6ca7-0438-4298-acc1-16810246c432\""
    },
    "ip": "20.190.130.42"
  },
  "response": {
    "statusCode": 200,
    "body": {
      "totalResults": 0,
      "itemsPerPage": 0,
      "startIndex": 1,
      "Resources": [],
      "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
      ]
    }
  }
}

Some clarifications.

  • I have reviewed the attribute mapping and everything is as per the guide.
  • I have tried creating applications from scratch at least 3 times, and they all get the same error.
  • In addition to disabling group synchronization, which Auth0 does not support, I have left only User synchronization.
  • I have added the users directly to the application without using any group.
  • Auth0 does not show errors in the logs. The only thing I have noticed is that the get all users query uses a supported filter but with user IDs that do not exist, and those IDs are also different in each request.
  • Entra ID does not show those get all users requests in the logs, and it does not show the error either. I don’t really have anything in the Entra ID console that allows me to identify the request that is causing my application to go into quarantine.
  • I am only trying to synchronize 1 user, therefore the workload is minimal.
  • The manual provisioning suggested in the guide works, but after the initial synchronization, the application goes into quarantine when trying to run the next incremental cycle.

Some Questions

  • Could this error be related to these trial periods? (I am currently using the Entra ID trial period with an external tenant. On Auth0 I am also in the trial period)
  • Is there any way to investigate in more detail what may be causing this error?
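
An added example, not part of the original post: a Python triage script for Auth0 SCIM log entries of the shape shown above. It separates `userName eq "<uuid>"` lookups that matched no user from ordinary lookups and lists the distinct UUIDs per connection and source IP. The function names, the sample entries and the address 203.0.113.10 are constructed for illustration; the field names are taken from the log entry in the post.

```python
import re
import uuid
from collections import defaultdict

# Matches the simple SCIM filter form seen in the post: attr eq "value"
FILTER_RE = re.compile(r'^\s*(\w+)\s+eq\s+"((?:[^"\\]|\\.)*)"\s*$', re.IGNORECASE)

def is_uuid(value):
    """True only for the canonical 8-4-4-4-12 hyphenated form."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def classify(entry):
    """Return 'uuid_miss', 'lookup_hit', 'lookup_miss' or 'other' for one log entry."""
    req = entry.get("request", {})
    if entry.get("action") != "get_users" or req.get("method", "").lower() != "get":
        return "other"
    m = FILTER_RE.match(req.get("query", {}).get("filter", ""))
    if not m or m.group(1).lower() != "username":
        return "other"
    total = entry.get("response", {}).get("body", {}).get("totalResults", 0)
    if total > 0:
        return "lookup_hit"
    return "uuid_miss" if is_uuid(m.group(2)) else "lookup_miss"

def summarize(entries):
    """Group UUID lookups that matched nothing by (connection_id, source ip)."""
    seen = defaultdict(set)
    for e in entries:
        if classify(e) == "uuid_miss":
            value = FILTER_RE.match(e["request"]["query"]["filter"]).group(2)
            seen[(e.get("connection_id"), e["request"].get("ip"))].add(value.lower())
    return {key: sorted(vals) for key, vals in seen.items()}

# Constructed sample entries; only the fields the functions read are included.
def _entry(flt, total, ip="203.0.113.10"):
    return {"action": "get_users", "connection_id": "XXX",
            "request": {"method": "get", "path": "/scim/v2/connections/XXX/Users",
                        "query": {"filter": flt}, "ip": ip},
            "response": {"statusCode": 200, "body": {"totalResults": total}}}

SAMPLE = [
    _entry('userName eq "2d3e6ca7-0438-4298-acc1-16810246c432"', 0),  # filter from the post
    _entry('userName eq "9b1f0c2e-5a77-4c1d-8e3a-0f6d2b7a4c11"', 0),  # constructed
    _entry('userName eq "alice@example.com"', 1),                      # constructed
    _entry('userName eq "bob@example.com"', 0),                        # constructed
]
```

Calling `summarize()` on exported log entries grouped by provisioning restart shows whether each restart produces a new UUID, as described in the post.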