chore: updated scim 409 conflict error details

[deepakprabhakara]

Related Issue or Design Document

Checklist

• I have read the contributing guidelines and signed the CLA.
• I have referenced an issue containing the design document if my change introduces a new feature.
• I have read the security policy.
• I confirm that this pull request does not address a security vulnerability.
  If this pull request addresses a security vulnerability,
  I confirm that I got approval (please contact security@ory.com) from the maintainers to push the changes.
• I have added tests that prove my fix is effective or that my feature works.
• I have added the necessary documentation within the code base (if appropriate).

Further comments

[unatasha8]

It sounds like the original limitation (above) no longer exists! That is, an existing user in now updated and there is no 409 error. So it makes sense to delete the limitation above.

[unatasha8]

I don't understand how this is a limitation! A SCIM provisioning map is per organization. So why are we talking about the 'same' or a 'different' organization. Either the identity exists in the organization or it doesn't. If it doesn't exist, isn't it created? If it does exist, isn't it updated? That is the expected behavior. Why are we saying they should delete a user from one organization and add them to a different one? (That would mean there was an expectation that the mapping would know which organization the identity should be in and update it there.)

[deepakprabhakara]

@unatasha8 The mapping is per org, but identity resolution isn’t — the system checks for existing users globally. So if the same identity already exists in another org (or without an org), SCIM can’t create or reassign it automatically, which is why you get a 409.

[unatasha8]

See comments. The text is confusing.