From 9dc7ba25e42275f977a67f998c19f578138f2430 Mon Sep 17 00:00:00 2001 From: Mike Escalante Date: Fri, 31 Oct 2025 10:34:26 -0700 Subject: [PATCH 1/2] Add SCIM troubleshooting page with instructions for restoring Super Admins --- .../account-security/scim-setup/index.mdx | 1 + .../scim-setup/troubleshooting.mdx | 33 +++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 src/content/docs/fundamentals/account/account-security/scim-setup/troubleshooting.mdx diff --git a/src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx b/src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx index 022d07898056bf..1d274ac031af06 100644 --- a/src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx +++ b/src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx @@ -34,6 +34,7 @@ Expectations for user lifecycle management with SCIM: ## Limitations - If a user is the only Super Administrator on an Enterprise account, they will not be deprovisioned. +- It is possible to unintentionally remove all account Super Administrators by misconfiguring SCIM groups. See [SCIM troubleshooting](/fundamentals/account/account-security/scim-setup/troubleshooting/) for more information. ## Prerequisites diff --git a/src/content/docs/fundamentals/account/account-security/scim-setup/troubleshooting.mdx b/src/content/docs/fundamentals/account/account-security/scim-setup/troubleshooting.mdx new file mode 100644 index 00000000000000..498c7814d3261e --- /dev/null +++ b/src/content/docs/fundamentals/account/account-security/scim-setup/troubleshooting.mdx @@ -0,0 +1,33 @@ +--- +pcx_content_type: how-to +title: SCIM troubleshooting +sidebar: + label: Troubleshooting +--- + +## Restore Super Administrator after group misconfiguration + +If you have removed all Super Administrators mistakenly, you can restore the role to account member(s) using the Account API Token you created for SCIM provisioning. + +First, fetch a list of account members and find the member ID for the user you want to restore Super Admin to via [list members](https://developers.cloudflare.com/api/resources/accounts/subresources/members/methods/list/) + +```curl +curl -X GET "https://api.cloudflare.com/client/v4/accounts/{account_id}/members" \ + -H "Authorization: Bearer YOUR_SCIM_AOT" \ + -H "Content-Type: application/json" +``` + +Then restore the Super Admin role to that member via [update member](https://developers.cloudflare.com/api/resources/accounts/subresources/members/methods/update/) + +```curl +curl -X PUT "https://api.cloudflare.com/client/v4/accounts/{account_id}/members/{member_id}" \ + -H "Authorization: Bearer YOUR_SCIM_AOT" \ + -H "Content-Type: application/json" \ + -d '{ + "roles": ["33666b9c79b9a5273fc7344ff42f953d"] + }' +``` + +:::note +33666b9c79b9a5273fc7344ff42f953d is the Super Administrator role ID +::: From 6aea0be7805159ebdfea17a49dff7326a3836150 Mon Sep 17 00:00:00 2001 From: Mike Escalante Date: Tue, 4 Nov 2025 09:10:18 -0800 Subject: [PATCH 2/2] Update wording from suggestions and fix links MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Denise Peña <75506267+dcpena@users.noreply.github.com> --- .../account/account-security/scim-setup/index.mdx | 2 +- .../account/account-security/scim-setup/troubleshooting.mdx | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx b/src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx index 1d274ac031af06..7dad7cb9bcdb6e 100644 --- a/src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx +++ b/src/content/docs/fundamentals/account/account-security/scim-setup/index.mdx @@ -34,7 +34,7 @@ Expectations for user lifecycle management with SCIM: ## Limitations - If a user is the only Super Administrator on an Enterprise account, they will not be deprovisioned. -- It is possible to unintentionally remove all account Super Administrators by misconfiguring SCIM groups. See [SCIM troubleshooting](/fundamentals/account/account-security/scim-setup/troubleshooting/) for more information. +- It is possible to unintentionally remove all account Super Administrators by misconfiguring SCIM groups. Refer to [SCIM troubleshooting](/fundamentals/account/account-security/scim-setup/troubleshooting/) for more information. ## Prerequisites diff --git a/src/content/docs/fundamentals/account/account-security/scim-setup/troubleshooting.mdx b/src/content/docs/fundamentals/account/account-security/scim-setup/troubleshooting.mdx index 498c7814d3261e..44b19ce6da6116 100644 --- a/src/content/docs/fundamentals/account/account-security/scim-setup/troubleshooting.mdx +++ b/src/content/docs/fundamentals/account/account-security/scim-setup/troubleshooting.mdx @@ -9,7 +9,7 @@ sidebar: If you have removed all Super Administrators mistakenly, you can restore the role to account member(s) using the Account API Token you created for SCIM provisioning. -First, fetch a list of account members and find the member ID for the user you want to restore Super Admin to via [list members](https://developers.cloudflare.com/api/resources/accounts/subresources/members/methods/list/) +First, fetch a list of account members and find the member ID for the user you want to restore Super Admin to via [list members].(/api/resources/accounts/subresources/members/methods/list/) ```curl curl -X GET "https://api.cloudflare.com/client/v4/accounts/{account_id}/members" \ @@ -17,7 +17,7 @@ curl -X GET "https://api.cloudflare.com/client/v4/accounts/{account_id}/members" -H "Content-Type: application/json" ``` -Then restore the Super Admin role to that member via [update member](https://developers.cloudflare.com/api/resources/accounts/subresources/members/methods/update/) +Then restore the Super Admin role to that member via [update member](/api/resources/accounts/subresources/members/methods/update/) ```curl curl -X PUT "https://api.cloudflare.com/client/v4/accounts/{account_id}/members/{member_id}" \