Ensure all groups/user creates in IAM Identity Store are via SCIM api and populate externalId field · Issue #166 · awslabs/ssosync · GitHub
Ensure all groups/user creates in IAM Identity Store are via SCIM api and populate externalId field #166
Open
0 of 1 issue completed
@ChrisPates

Description

Is your feature request related to a problem? Please describe.
To enable other improvements, the creation/update/deletion of users and groups needs to be consistently carried out via the SCIM API endpoints and not mixed with the Identity Store API. This will allow sync entities to be differentiated from manually created users. The only partial exception would be where a manually created entity matches an entity to be synced, in which case it would be updated via the SCIM APIs and switch from being a manually created entity to a synced one.

Dependencies
#141
#142

### Tasks
- [ ] Read Users.Id & Groups.Id strings from google.golang.org/api/admin/directory/v1
- [ ] createUsers & createGroups, populate externalId field with .Id string via SCIM
- [ ] Prefer match based on id and externalId, then fall back to email/name match
- [ ] Detect users/groups that match (email/name) in the Identity Store and update with the externalId
- [ ] Deletion handling: if Users/Groups have an externalId that no longer matches an Id in Google but the email/name matches, then update with the new Id; if there is no match, then mark for deletion.
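
The matching and deletion rules in the task list above, worked through for users as an added example; this is not part of the issue and not ssosync's code. The type and function names are hypothetical, no SCIM or Google calls are made, and it assumes that unmatched entries without an externalId are manually created and left untouched.

```go
package main

import "fmt"
// Hypothetical types for this sketch, not ssosync's own. ExternalID "" = manually created.
type GoogleUser struct{ ID, Email string }
type StoreUser struct{ ExternalID, Email string }
type Plan struct {
	Create   []string          // Google Ids to create via SCIM with externalId set
	SetExtID map[string]string // Identity Store email -> Google Id to store as externalId
	Delete   []string          // emails of synced entries to mark for deletion
}

// Reconcile matches Id to externalId first, then falls back to email for the rest.
func Reconcile(google []GoogleUser, store []StoreUser) Plan {
	p := Plan{SetExtID: map[string]string{}}
	byExt, byEmail, matched := map[string]int{}, map[string]int{}, make([]bool, len(store))
	for i, s := range store {
		byExt[s.ExternalID], byEmail[s.Email] = i, i
	}
	delete(byExt, "") // entries without an externalId can only match by email
	var pending []GoogleUser
	for _, g := range google { // pass 1: Id == externalId
		if i, ok := byExt[g.ID]; ok {
			matched[i] = true
			continue
		}
		pending = append(pending, g)
	}
	for _, g := range pending { // pass 2: email fallback
		if i, ok := byEmail[g.Email]; ok && !matched[i] {
			matched[i] = true
			p.SetExtID[g.Email] = g.ID // adopt a manual entry or replace a stale Id
			continue
		}
		p.Create = append(p.Create, g.ID)
	}
	for i, s := range store { // synced entry with no Id or email match
		if !matched[i] && s.ExternalID != "" {
			p.Delete = append(p.Delete, s.Email)
		}
	}
	return p
}

func samplePlan() Plan { // constructed sample data
	g := []GoogleUser{{"g1", "a@example.com"}, {"g2", "b@example.com"}, {"g3", "c@example.com"}, {"g4", "e@example.com"}}
	s := []StoreUser{{"g1", "a@example.com"}, {"", "b@example.com"}, {"old", "c@example.com"}, {"gone", "d@example.com"}, {"", "m@example.com"}}
	return Reconcile(g, s)
}
func main() { fmt.Printf("%+v\n", samplePlan()) }
```

Running the Id pass to completion before the email pass keeps an email fallback from claiming an entry that another Google Id already owns by externalId.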

Labels: enhancement (New feature or request)