Adding a new group to a group_push for a SCIM integration results in the error:
Found an empty scim group string. Cannot update the group=...- SCIM 2.0 Group Push
- SCIM 2.0 OIN Apps & SAML/SWA SCIM Apps
Okta will fail during the initial POST call to the SCIM server if the response from SCIM contains an empty string for the 'id' attribute.
{
"displayName": "Power Users",
"id": "",
"members": [
{
"display": "some.user3@example.com",
"value": "0bcc4205-bfd9-4d35-b3a7-ad1a77653bc2"
}
],
"meta": {
"location": "/scim/v2/Groups/bc49935c-e11b-48c4-9630-1d12d84529a9",
"resourceType": "Group"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}The SCIM Server must return a proper unique id, as defined by the SCIM Specification RFC 7643 - section-3.1:
- "A unique identifier for a SCIM resource as defined by the service provider.
Each representation of the resource MUST include a non-empty "id" value. This identifier MUST be unique across the SCIM service provider's entire set of resources. It MUST be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the "id" attribute is always issued by the service provider and MUST NOT be specified by the client. The string "bulkId" is a reserved keyword and MUST NOT be used within any unique identifier value. The attribute characteristics are "caseExact" as "true", a mutability of "readOnly", and a "returned" characteristic of "always"."
Related References
