Auth0 tenants can support large volumes of users, often exceeding 10,000 in enterprise scenarios. However, administrators or developers attempting to perform a mass import of users via SCIM may encounter issues if they use standard Bulk Operations or fail to account for API rate limits. Auth0 does not support SCIM Bulk Operations (RFC 7644 Section 3.7). Consequently, users must be imported individually, which requires careful management of request rates to avoid errors.

• Inbound SCIM
• User Import and Migration
• API Rate Limits
• Enterprise Connections

The issue stems from two primary factors:

• Unsupported Bulk Feature: Auth0 does not support the SCIM Bulk Operations standard defined in RFC 7644 Section 3.7. There is no single endpoint to accept a batch of user creation requests.
• Rate Limiting: Distinct requests sent to the SCIM Create endpoint are subject to API rate limits. For Enterprise Plans, this limit is typically set to 25 requests per second. Exceeding this will trigger HTTP 429 (Too Many Requests) errors.

To successfully import a large volume of users via SCIM, the implementation must structure requests to send individual requests while strictly adhering to rate limits.

Create Users Individually

Since bulk requests are not supported, a separate request must be sent for each user import.

• 1. Target the SCIM POST endpoint.

  2. Ensure every user has a distinct API call.

Implement Throttling or Queuing

To prevent hitting the API rate limit (429 errors), the import script or application must control the speed of outbound requests.

• • Rate Limit: Limit logic to a maximum of 25 requests per second. For more information, please check the Rate Limits documentation.

  • Queue System: Implement a queue to manage the backlog of users to be created.

  • Throttling Logic: Add delays or "sleep" intervals between requests or request batches to flatten traffic spikes.