Hi, I am still waiting for an update on this question.
To give more context about why this might be an issue.
If I go one more step and
‘group2’ is added to scim app.
Add ‘user1’ to another group ‘group2’
Okta sends call to make user ‘user1’ active [/Users endpoint]
Okta sends call to add ‘user1’ to ‘group2’ [/Groups endpoint]
Okta sees that the scim server has both ‘group1’ and ‘group2’ listed as groups for ‘user1’
Okta sends a call to update ‘user1’ groups using PUT call to /Users endpoint
The 6th step is a violation of SCIM rfc - change to groups attribute should be done only via /Groups endpoint. So SCIM server discards groups change sent from /Users endpoint.
[RFC 7643 - System for Cross-domain Identity Management: Core Schema - check groups attribute description]
This leads to bad data as ‘user1’ has both ‘group1’ and ‘group2’ in it’s groups attribute