Group endpoints may exhibit performance problems due to a number of validations that are not exactly necessary. These validations incur one DB query per user associated to a given group which can degenerate in very high response times (and excessive load) when groups contain thousands of members.

A careful analysis and optimization of existing validations is needed.

A community customer reporting 502 responses when interacting with Group endpoints helped unveiled this problem. See ticket 9929.

Proper notes will be added to official docs. In summary there will be 2 ways to reduce the overhead:

• Supply a time saver value for spec query param excludedAttributes, for instance members.display. This will avoid making queries under people branch to get users' display names one by one
• Supply query param Group-Overhead-Bypass (with any value) so that incoming group data is not validated. As an example when adding members to a group, no checks regarding the existence of those users will take place. When this param is present, members.display is assumed to be excluded regardless of the actual value of excludedAttributes

In general, the quality of existing data will always be taken for granted. Previously, existing group members (data already stored) were checked for existence (in users' branch) when certain SCIM operations were performed. This helped to have accurate response data all the time, however, it should not be SCIM responsability to do so.