Hi @cowe,
I believe this concern was recently discussed in the community and I believe the culprit is rate limiting by Microsoft on the MS Graph APIs: Entra SaaS connector provisioning issue - #19 by TheOneAMSheriff
Microsoft Graph enforces rate limits on provisioning operations, which commonly causes timeouts with large groups (5000+ members). Your provisioning failures should automatically retry in the next identity refresh cycle.
For immediate relief, consider:
-
Schedule implementations for Entra ID roles during off-peak hours, especially away from aggregation timings.
-
Temporarily modifying role criteria to reduce members sizes if you see fit.
Good luck