# Backend API 17.6.0

### Improvements

* **KA-6430:** Increased number of security keys allowed in one account from 5 to 10.
* **KA-7214:** Implemented SCIM bulk operations.

See [RFC 7644, Section 3.7](https://datatracker.ietf.org/doc/html/rfc7644#section-3.7).

`https://keepersecurity.com/api/rest/scim/v2/xxx/Bulk`

The SCIM bulk operation is an optional server feature that enables clients to send a potentially large collection of resource operations in a single POST request.

The body of a bulk operation contains a set of HTTP resource operations using one of the HTTP methods supported by the API, i.e., POST, PUT, PATCH, or DELETE.

Current limits can be discovered in response of `/ServiceProviderConfig` request:

`... "bulk": { "supported": true, "maxOperations": 1000, "maxPayloadSize": 1048576 }, ...`

Those 3 parameters are populated from next properties: `SCIM_BULK_SUPPORTED`,\
`SCIM_BULK_MAX_OPERATIONS` and `SCIM_BULK_MAX_PAYLOAD_SIZE`.

We do not support circular bulk references. HTTP status code 409 (Conflict) will be returned in this case.

***

* **KA-7002:** Raised SCIM GET Users endpoint limit to 10k Users.
* **KA-7454:** Modified login API process to improve cross-region account switching.
* **KA-7466:** Improved login session updates for when the database is in a lock wait state.&#x20;
* **KA-7568:** Moved Category of ARAM events for KeeperAI.
* **KA-7380:** Added ARAM events for KeeperAI session lock/unlock actions.
* **KA-7384:** Removed User ID from passkey list retrieval API.
* **KA-7537:** Added PEDM entry for RMD Security Benchmark.

## Bugs

* **KA-5976:** Issue fixed with **granular role enforcements (GRE)**: External Sharing Prevented with a wrong user message.
* **KA-6009:** Issue fixed with GRE: Inbound Sharing Prevented with a wrong user message.
* **KA-6046:** Issue fixed with GRE: Receive Shared Items displaying a wrong modal.
* **KA-6050:** Issue fixed with GRE: Sharing w attachment displaying a wrong modal.
* **KA-6053:** Issue fixed where GRE: Outbound sharing is restricted - "can only receive" was displaying wrong modal generating for permissions.
* **KA-6308:** Fixed issue where clearing security data did not reset reused password count.
* **KA-6345:** Fixed an issue with the "Forbid Account Transfer" flag interfering with a Key getting set on user creation.
* **KA-6418:** Fixed issue with removed shared folders in the sync down API.
* **KA-6437:** Fixed issue where no more that one event per second is returned by ARAM audit event reports when certain MSP related events are generated.
* **KA-6908:** Fixed issue with reading user revisions in some scenarios.
* **KA-6988:** Fixed an issue where an MSP Admin launched into an MC can't process SCIM when adding a user to the team.
* **KA-7078:** Fixed issue where role add users provided incorrect status code for each user.
* **KA-7202:** Fixed issue when trying to update non-existent Security Data Entry.&#x20;
* **KA-7351:** Fixed issue where a PAM admin is able to add more users then allowed to a PAM role by admin adding multiple users at the same time.
* **KA-7354:** Fixed issue in PAM where an invited user added to default PAM role allows an admin to go over PAM license limit.
* **KA-7356:** Fixed an issue with the Endpoint Manager Free Trial Seats.
* **KA-7372:** Fixed a Managed Company issue where an Admin can purchase PAM with less seats than they are consuming.
* **KA-7383:** Fixed issue with switch account list and a login enforcement.&#x20;
* **KA-7390:** Fixed an issue where some Managed Service Providers in testing are hitting an error "Does not have managed roles privilege" when adding users to roles in Managed Company.
* **KA-7408:** Corrected an Audit Event Type typo.
* **KA-7413:** Fixed an issue with SCIM getting a timeout error when sending SCIM requests.
* **KA-7444:** Removed Discovery ARAM events temporarily, will be fixed in an upcoming release.
* **KA-7446:** Fixed an issue where a SCIM event is created twice when sending a PATCH request.&#x20;
* **KA-7453:** Fixed Enterprise issue where making a License Snapshot create a production error.
* **KA-7459:** Fixed API update device errors when no client version was provided.
* **KA-7463:** Fixed an issue with sync\_down failing with "SQL Exception root folder was not found".
* **KA-7464:** Removed Lock Wait where it was causing errors.
* **KA-7475:** Updated KeeperAI event categories.
* **KA-7483:** Marking deleted rotation records as disabled in Router rotation info.
* **KA-7491:** Fixed issue where API isn't throwing errors and also was not adding Users to Role when adding users.
* **KA-7496**: Fixed SCIM issue where Roles were ignored in both POST and PUT.
* **KA-7515:** Fixed issue where Linked Devices with Stay Logged in can forbid Logout
* **KA-7550:** Issue fixed where a Locked User with TOTP enabled is still able to elevate an application with Privileged Elevation and MFA control.
* **KA-7579:** Fixed GRE: No error message for enforcement 'Can share records with file attachments' when moving record to the shared folder with right click.