Skip to main content

v26.2.18

v26.2.18

Fix SCIM group membership data loss and conflict reporting

Fixes several SCIM provisioning defects affecting Microsoft Entra ID, Okta, and WorkOS clients.

  • Removing a member from a group no longer removes that user from their other groups; the delete is scoped to the changed group.
  • Groups now return their complete membership: no duplicated entries, and no silent truncation past 1000 combined members and subgroups (which previously dropped the missing members on the next update).
  • PATCH remove without a path now returns 400 noTarget (RFC 7644) instead of erasing the entire user or group.
  • Creating a user that already exists returns 409 uniqueness instead of 500. Duplicate group externalId and cross-organization conflicts also use uniqueness.
  • Correct HTTP status on errors: an invalid filter on Users/Groups returns 400 invalidFilter (was 404 for Groups), and unexpected persistence errors return 500 (was 404).
  • An absent active attribute now defaults to active instead of creating a disabled user; explicit active: false still deactivates.
  • PATCH replace whose value-path filter matches nothing returns 400 noTarget instead of silently creating a fabricated element.

Ory Network

The largest Identity and Access Management network in the world. So you can get back to building your business.

Sign up for free