Short answer: because the SCIM server in Ory can only manage identities that it originally provisioned via SCIM. If an identity already exists in your project/organization and was not created by that SCIM client, the SCIM server is not allowed to modify it, so the operation returns 409 Conflict. Deleting the pre-existing user lets SCIM recreate it under its own control, resolving the conflict. [[Known limitations](https://www.ory.sh/docs/kratos/manage-identities/scim#known-limitations)] Details: - Ory’s SCIM endpoint treats “already-existing, non‑SCIM‑managed identities” as out of scope for SCIM updates. Attempts to create/update such a user collide with the existing record and fail with HTTP 409. [[Known limitations](https://www.ory.sh/docs/kratos/manage-identities/scim#known-limitations)] - The prescribed workaround is to manually delete that identity first; then the SCIM client can create it, after which future updates flow through SCIM. [[Known limitations](https://www.ory.sh/docs/kratos/manage-identities/scim#known-limitations)] If you’re seeing recurring conflicts, check whether the identity was pre-created (manual import, signup, or another client) and ensure SCIM is the system of record for those users going forward.