Is it possible to remove a user from all of its groups on a single call to a SCIM API?
My current implementation to do so works the following way:
This approach relies on too many calls to the SCIM API and I would like to know if there is a "shortcut" to it.
There are a few possible ways to approach this. The simplest and most likely to actually be implemented (IMO) would be if the SCIM service provider in question supports SCIM Bulk (https://datatracker.ietf.org/doc/html/rfc7644#section-3.7). In that case, you'd make one bulk request calling out each individual group membership to remove as a separate action inside of the bulk request. This still requires the discovery and iterating through the groups to construct the patch requests, just with fewer HTTP requests being made.
Another option, but less likely to be implemented by the average SCIM service provider, would be to do a PATCH to /Groups?filter=members.value eq "userIDValue" with the body being a PATCH remove members[value eq "userIDValue"]. In practice, I don't think many SCIM implementations support modifying resources using a filter to select a set of targets, but the spec does allow for it.