Skip to content

Commit ca4f7f4

Browse files
mcescalanteMike Escalantedcpena
authored
Add SCIM provisioning troubleshooting page (#26223)
* Add SCIM troubleshooting page with instructions for restoring Super Admins * Update wording from suggestions and fix links Co-authored-by: Denise Peña <75506267+dcpena@users.noreply.github.com> --------- Co-authored-by: Mike Escalante <mcescalante@cloudflare.com> Co-authored-by: Denise Peña <75506267+dcpena@users.noreply.github.com>
1 parent 0ba5ce3 commit ca4f7f4

File tree

2 files changed

+34
-0
lines changed

2 files changed

+34
-0
lines changed

src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ Expectations for user lifecycle management with SCIM:
3434
## Limitations
3535

3636
- If a user is the only Super Administrator on an Enterprise account, they will not be deprovisioned.
37+
- It is possible to unintentionally remove all account Super Administrators by misconfiguring SCIM groups. Refer to [SCIM troubleshooting](/fundamentals/account/account-security/scim-setup/troubleshooting/) for more information.
3738

3839
## Prerequisites
3940

src/content/docs/fundamentals/account/account-security/scim-setup/troubleshooting.mdx

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
---
2+
pcx_content_type: how-to
3+
title: SCIM troubleshooting
4+
sidebar:
5+
label: Troubleshooting
6+
---
7+
8+
## Restore Super Administrator after group misconfiguration
9+
10+
If you have removed all Super Administrators mistakenly, you can restore the role to account member(s) using the Account API Token you created for SCIM provisioning.
11+
12+
First, fetch a list of account members and find the member ID for the user you want to restore Super Admin to via [list members].(/api/resources/accounts/subresources/members/methods/list/)
13+
14+
```curl
15+
curl -X GET "https://api.cloudflare.com/client/v4/accounts/{account_id}/members" \
16+
-H "Authorization: Bearer YOUR_SCIM_AOT" \
17+
-H "Content-Type: application/json"
18+
```
19+
20+
Then restore the Super Admin role to that member via [update member](/api/resources/accounts/subresources/members/methods/update/)
21+
22+
```curl
23+
curl -X PUT "https://api.cloudflare.com/client/v4/accounts/{account_id}/members/{member_id}" \
24+
-H "Authorization: Bearer YOUR_SCIM_AOT" \
25+
-H "Content-Type: application/json" \
26+
-d '{
27+
"roles": ["33666b9c79b9a5273fc7344ff42f953d"]
28+
}'
29+
```
30+
31+
:::note
32+
33666b9c79b9a5273fc7344ff42f953d is the Super Administrator role ID
33+
:::

0 commit comments

Comments
 (0)