SCIM 1.1 Group Update docs don't match real life behavior

Questions SCIM
1

Hello,

I am developing a SCIM API for Okta using the AIW method following the docs
here: SCIM 1.1 Protocol Reference | Okta Developer
and here: Add SCIM provisioning to app integrations | Okta.

I’m working on the “Update Specific Group Membership” endpoint outlined here: SCIM 1.1 Protocol Reference | Okta Developer and am a bit confused about the behavior I’m seeing in logs vs. the behavior outlined in the docs.

I have an application setup with 2 groups: one for application assignment, and one as a push group. These are two separate groups as mentioned in the docs. I am able to add a user to the application correctly. The push group is able to add a user to the group correctly; however removing the user from the push group doesn’t remove them from the application.

I see the following behavior in the logs:

  1. Add UserA to the push group

a. GET /Groups/group_id, response has members list w/ all members from the Service Provider group.
b. PUT /Groups/group_id, request sends the full members list from the previous GET request.

For 2.b I am only expecting UserA in the members array for the PUT. Is sending the full list of members expected behavior from Okta?

  1. Remove UserA from the push group
    a. PUT /Groups/group_id, request from Okta has members=None in the body.
    b. GET /Groups/group_id, response to Okta has members list w/ all members
    c. PUT /Groups/group_id, request from Okta sends the members list w/ all members except for UserA back the the SCIM API.

For 2.a I am expecting a PUT with
members=[{“value”:“UserA”, “display":"UserA@company.com”,“operation”:“delete”}] as per the docs. Is the 2.a PUT with members=None a bug from the Okta side?

2.b and 2.c make a little bit of sense since “The group name update operation is triggered each time there is a group membership update operation.” However, I am not expecting the “members” array in the 2.c PUT request as per the docs (SCIM 1.1 Protocol Reference | Okta Developer)

Is there an outline for the full flow of API calls Okta will make to the SCIM server for Group operations?

Thanks