generator-jhipster

Investigate using SCIM to sync users with identity provider when using OAuth

Open mraible opened this issue 3 years ago • 6 comments

Overview of the feature request

SCIM (System for Cross-domain Identity Management) is a standard automating user provisioning (aka syncing users). SCIM communicates user identity data between identity providers (such as companies with multiple individual users) and service providers requiring user identity information (such as enterprise SaaS apps).

Here's a presentation from @jpf that explains how it works: https://twitter.com/oktadev/status/1391422797516320771

Motivation for or Use Case

Our current mechanism for syncing users only happens when the user logs in. This means you can't select users in a relationship if they haven't logged in yet. Implementing SCIM would allow us to have the syncing of users happen automatically.

Related issues or PR

There's a Stack Overflow question about SCIM support in Keycloak. It currently doesn't exist, but there is a library that someone created. SCIM should work with Okta.

mraible, May 12 '21 19:05