Add transactional argument

ee/app/services/group_saml/identity/destroy_service.rb

@@ -11,8 +11,8 @@ module GroupSaml
         @identity = identity
       end
 
-      def execute
-        Identity.transaction do
+      def execute(transactional: false)
+        with_transaction(transactional) do
           identity.destroy!
           remove_group_access
         end
@@ -20,6 +20,10 @@ module GroupSaml
 
       private
 
+      def with_transaction(transactional, &block)
+        transactional ? ::Identity.transaction { yield } : yield
+      end
+
       def remove_group_access
         return unless group_membership
         return if group.last_owner?(user)

ee/lib/api/scim.rb

@@ -17,7 +17,7 @@ module API
         end
 
         def destroy_identity(identity)
-          GroupSaml::Identity::DestroyService.new(identity).execute
+          GroupSaml::Identity::DestroyService.new(identity).execute(transactional: true)
 
           true
         rescue => e
@@ -34,9 +34,11 @@ module API
           error!({ with: EE::Gitlab::Scim::Error }.merge(detail: message), 409)
         end
 
+        # rubocop: disable CodeReuse/ActiveRecord
         def email_taken?(email, identity)
           User.by_any_email(email.downcase).where.not(id: identity.user.id).count > 0
         end
+        # rubocop: enable CodeReuse/ActiveRecord
       end
 
       resource :Users do

ee/spec/services/group_saml/identity/destroy_service_spec.rb

@@ -21,6 +21,18 @@ describe GroupSaml::Identity::DestroyService do
     expect(identity).to be_destroyed
   end
 
+  it "does not use a transaction" do
+    expect(::Identity).to receive(:transaction).and_yield.once
+
+    subject.execute
+  end
+
+  it "uses a transaction when transactional is set" do
+    expect(::Identity).to receive(:transaction).and_yield.twice
+
+    subject.execute(transactional: true)
+  end
+
   it "removes access to the group" do
     expect do
       subject.execute