Enterprise teams sync with Azure AD: how regularly should github-team-synchronization bot run?

[dmakovec-astralas]

We have an enterprise account and set up Teams Synchronisation at the enterprise level using Azure AD as our IDP.

In one of our organizations we have configured the org's teams to synchronise with specific AAD groups.

I can see in the audit log, several github-team-synchronization[bot] entries from 27 days ago where I added and removed several users to and from from groups on the AAD side, and consequentally the sync process automatically added and removed from the configured org teams on GitHub.

This morning however (about 6 hours ago), I added an AAD user to two groups, and as of now there has still been no activity in the audit log from github-team-synchronization[bot] - neither actions taken nor any errors.

Is this delay normal behaviour? Should it take more than 6 hours for a sync to occur? How long should I expect it to take, and is there a way to force the bot to perform a manual sync?

Thanks

[benhatton-admin-unsw-edu-au]

This just seems super flakey and maybe broken. In my case, the directory membership is not changing, but people are being added (SSO after SCIM invitation) to the org that are already present in the synced team. At least 30 mins delay, and I have a couple of teams based on the same directory group and they don't update at the same time. Meanwhile the team config says "synced xx minutes ago" - typically 10 mins or so. So something is running frequently, but overtly failing to update the team membership.

[erose96]

The only way I have found to force a sync is to do the following:

• Navigate to the Settings section of the GitHub team being synced
• Remove the Identity Provider group and before saving re-add the group back
• Save your changes only once the group has been added back

It would be preferable to have a built-in option as this workflow leaves a lot of room for human error.

[dominikayyildiz]

Create an empty (dummy) team in your IdP. Temporarily link this team to the GitHub team to force a re-sync with the other linked IdP groups. Once the synchronization has completed, you can safely remove the empty team again. This approach ensures that no existing team members are removed.