From 6c3bf80892d8e80d076704431df3f1eea376b5f4 Mon Sep 17 00:00:00 2001
From: Ben Potter <ben@coder.com>
Date: Thu, 7 May 2026 12:25:28 -0500
Subject: [PATCH] docs(docs/admin/users/oidc-auth): note SCIM 2.0 support is
 not guaranteed (#25008)

Adds an `[!IMPORTANT]` callout under the SCIM heading in the OIDC auth
docs noting that Coder's SCIM 2.0 implementation is not a fully
certified or guaranteed implementation of the spec. It covers common
provisioning/deprovisioning flows with major IdPs (Okta, Entra ID, etc.)
but specific attributes, endpoints, or behaviors may not be supported
and may change between releases.

This matches what we say in conversations with prospects and avoids
setting an expectation we can't always meet. Background: #15830 (current
implementation is an MVP scoped to Okta cloud; `PATCH` is not RFC 7644
compliant; user updates only change status, not groups/orgs/roles).

Companion PR: coder/coder.com#738 removes the SCIM row from the pricing
comparison.

> Generated with [Coder Agents](https://coder.com/agents)
---
 docs/admin/users/oidc-auth/index.md | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/docs/admin/users/oidc-auth/index.md b/docs/admin/users/oidc-auth/index.md
index ae225d66ca..56adb915c6 100644
--- a/docs/admin/users/oidc-auth/index.md
+++ b/docs/admin/users/oidc-auth/index.md
@@ -136,9 +136,20 @@ CODER_DISABLE_PASSWORD_AUTH=true
 
 ## SCIM
 
-> [!NOTE]
-> SCIM is a Premium feature.
-> [Learn more](https://coder.com/pricing#compare-plans).
+> [!IMPORTANT]
+> SCIM is a Premium feature
+> ([learn more](https://coder.com/pricing#compare-plans)).
+>
+> Coder's SCIM 2.0 implementation is not a fully certified or guaranteed
+> implementation of the [SCIM 2.0 specification](https://datatracker.ietf.org/doc/html/rfc7644).
+> It is intended to cover common user provisioning and deprovisioning flows
+> with the major identity providers (Okta, Microsoft Entra ID, etc.). Specific
+> attributes, endpoints, or behaviors required by your IdP may not be
+> supported, and compatibility may change between releases. If you depend on
+> a specific SCIM behavior, [contact us](https://coder.com/contact) before
+> rolling it out broadly. See
+> [coder/coder#15830](https://github.com/coder/coder/issues/15830) for
+> tracked gaps and ongoing work.
 
 Coder supports user provisioning and deprovisioning via SCIM 2.0 with header
 authentication. Upon deactivation, users are