Can anyone confirm the workflow for anything that uses foreign keys in the SCIM schema.for example the groups and manager complex types?
The SCIM standard specifies that [manager.value] is the remote app’s id for the user’s manager. However, there’s no implementation detail on how the manager is created in the downstream app in time to set the reference for the direct report. If the direct report happens to be created first, a POST will create them, passing the manager’s id, but the manager does not yet exist in the downstream application in order to set this property.
Okta seems to have only a text field for ManagerId which could be anything, so I’m struggling to see how this can be used reliably in a SCIM context.
Groups are similar in that, it’s not clear when Okta’s SCIM client will request the creation of the group in order to make sure that it exists in time to add the user to it.