Problem Statement
Currently the SCIM implementation explicitly forbids creating users with the owner role and updating a user's role to owner.
The API returns SCIM_400_INVALID_ORGROLE, while the role is perfectly valid and can be granted manually.
It is possible for SCIM to delete a user with the owner role, except for the last remaining owner.
I would expect SCIM to be able to create such users and update the permissions, as my intention is to manage all users and their roles on the IDP or IGA side.
Solution Brainstorm
As there might be some reasoning behind preventing owner user creation via SCIM, the behaviour could be controlled by a checkbox "Allow owner role to be provisioned", unchecked by default in SCIM settings.
Product Area
Settings - Auth