SCIM manager workflow

NeilP · February 24, 2020, 10:53am

Can anyone confirm the workflow for anything that uses foreign keys in the SCIM schema.for example the groups and manager complex types?

The SCIM standard specifies that [manager.value] is the remote app’s id for the user’s manager. However, there’s no implementation detail on how the manager is created in the downstream app in time to set the reference for the direct report. If the direct report happens to be created first, a POST will create them, passing the manager’s id, but the manager does not yet exist in the downstream application in order to set this property.

Okta seems to have only a text field for ManagerId which could be anything, so I’m struggling to see how this can be used reliably in a SCIM context.

Groups are similar in that, it’s not clear when Okta’s SCIM client will request the creation of the group in order to make sure that it exists in time to add the user to it.

milmarko92 · July 10, 2020, 3:43pm

Any answer to this??

fabrice.dutron · May 6, 2021, 4:13pm

Same problem here.

Note that all work well In Azure : let says that the remote id A is linked to the managerId B. SCIM Azure checks that the remote user with id B exists, if not, creates it and only after creates the user A…The id used are the remote ones, and so, incredible but true, all works well.

mbabler · October 28, 2022, 8:43pm

Still looking for answer to this one as well.

SAML2.Bro · October 7, 2023, 5:03am

Surely someone has this figured out by now… right? any help appreciated.