This is very odd.

@coadler do we audit all SCIM events? Is there any logging we do that could help?

Is it possible your SCIM provider is marking them as suspended? There shouldn't be anything on our side that would just suspend them..

I'll take a look at the auditing rq

I don't see anything on the Okta side besides these users first being added, and their status seems unchanged.

Would it be possible in the Coder logs to see what caused the suspension?

If you have debug logs enabled you should see a post/patch to /scim/v2/Users/{id} if it came through SCIM.

I do not have debug logging currently enabled. Let me try and reproduce this issue over the next day or two with debug logging enabled and I'll report back.

@coadler I currently have the following set as part of my Coder logging config:

          CODER_VERBOSE=true
          CODER_LOG_FILTER=".*userauth.*|.*groups returned.*|.*scim.*"

We haven't added any users recently so I'll be testing later today manually. If this is insufficient to capture the SCIM events please let me know.

@coadler I am not actually seeing any log lines with scim in them after adding this log filter to my coder deployment. I've been adding and removing users but see nothing (neither in the coder server logs or the audit log). Any ideas?

@coadler I was able to reproduce this issue a few times but no luck as far as collecting any relevant log data with the added log config I mentioned. Any ideas of what I can do to further troubleshoot this? It has blocked more than a dozen new users for >1 day so far.