I have a SCIM 2.0 provisioning app that is all the way working. But the way I implemented roles/permissions is not ideal. I used an attribute in okta to push down when a user is provisioned that identifies their permissions.
I read somewhere about using (push)groups instead, but the docs had the beta tag on most of the end points.
I also found this page about roles… https://developer.okta.com/docs/api/resources/roles
What is the best way to implement permissions and roles for users in SCIM?