From 907c56c20084a72ae197fbb5cf82f37b9cb72a28 Mon Sep 17 00:00:00 2001
From: Jenny Zhang <jz@tailscale.com>
Date: Thu, 20 Jul 2023 17:51:46 -0400
Subject: [PATCH] api.md: add documentation to API endpoint about SCIM group
 warnings

Updates #8645
Signed-off-by: Jenny Zhang <jz@tailscale.com>
---
 api.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/api.md b/api.md
index f23525711..8355e9bd0 100644
--- a/api.md
+++ b/api.md
@@ -1114,6 +1114,21 @@ Look at the response body to determine whether there was a problem within your A
   }
   ```
 
+If your tailnet has [user and group provisioning](https://tailscale.com/kb/1180/sso-okta-scim/) turned on, we will also warn you about
+any groups that are used in the policy file that are not being synced from SCIM. Explicitly defined groups will not trigger this warning.
+
+```jsonc
+{
+  "message":"warning(s) found",
+  "data":[
+          {
+            "user": "group:unknown@example.com",
+            "warnings":["group is not syncing from SCIM and will be ignored by rules in the policy file"]
+          }
+        ]
+}
+```
+
 <a href="tailnet-devices"></a>
 
 ## List tailnet devices