SCIM app and Okta user oauth2 flow


I am attempting to integrate Okta into Tailscale. We support some SCIM already, so I am exploring that route. But one thing isn’t clear to me: we commonly authenticate users by sending them to external oauth2 providers (such as gsuite and azure active directory). I would like to do that with Okta too, send users to okta and bounce them back to Tailscale. Can I do that if I create an SCIM app?