okta okta-api scim

What will be the response for the update request of a non-existent user in OKTA SCIM API?


What will happen if we call update for a non-existing resource in OKTA SCIM API using PUT?

Does it return 404 or does it create a new user?


Solution

  • I have no experience with Okta's SCIM implementation, but per the SCIM RFC, the correct response is a 404. When updating via PUT or PATCH, you would be targeting a specific object via the ID value (i.e. scim.app.com/scim/v2/users/12345). If an object possessing the ID value provided does not exist, a 404 should be returned by the SCIM endpoint.

    ::EDIT:: The above answer is incorrect, as my interpretation of the SCIM RFC was incorrect. The correct response is 400 Bad Request with an error message of invalidValue, as the user ID value specified in the PUT operation not being present means that the value provided (Ex: /Users/123) is incompatible with the operation being attempted (update of an existing object via PUT). ::END EDIT::

    Relevant sections of the RFC: https://www.rfc-editor.org/rfc/rfc7644#section-3.2 (SCIM Endpoints and HTTP Methods) calls out:

    PUT Modifies a resource by replacing existing attributes with a specified set of replacement attributes (replace). PUT MUST NOT be used to create new resources.
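
An added example, not part of the original answer and not Okta's code: a Python check that classifies how a SCIM endpoint replies to a PUT for a user ID that does not exist. It covers both readings discussed above (404, and 400 with invalidValue) and flags a 2xx reply, which would mean the PUT created a resource. The function names and sample responses are constructed for illustration; the error schema URN and the string-valued `status` field follow RFC 7644 section 3.12.

```python
import json

SCIM_ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

def classify_put_on_missing(status, body_text):
    """Classify a reply to PUT /Users/<id> where <id> does not exist.

    Hypothetical helper. Returns "not_found" (404), "invalid_value"
    (400 + scimType invalidValue), "created" (2xx, conflicts with
    "PUT MUST NOT be used to create new resources"),
    "malformed_error" (400/404 without a valid SCIM error body),
    or "other" (anything else, e.g. auth failures or 5xx).
    """
    if 200 <= status < 300:
        return "created"
    try:
        body = json.loads(body_text) if body_text else {}
    except ValueError:
        body = {}
    body = body if isinstance(body, dict) else {}
    schemas = body.get("schemas")
    is_scim_error = isinstance(schemas, list) and SCIM_ERROR_SCHEMA in schemas
    # The SCIM error body repeats the HTTP status as a JSON string.
    status_matches = body.get("status") == str(status)
    if status in (400, 404) and not (is_scim_error and status_matches):
        return "malformed_error"
    if status == 404:
        return "not_found"
    if status == 400 and body.get("scimType") == "invalidValue":
        return "invalid_value"
    return "other"

def rejects_without_creating(status, body_text):
    """True when the endpoint refused the PUT with a well-formed SCIM error."""
    verdict = classify_put_on_missing(status, body_text)
    return verdict in ("not_found", "invalid_value")

# Constructed sample responses (not captured from Okta or any real server).
SAMPLE_404 = json.dumps({"schemas": [SCIM_ERROR_SCHEMA], "status": "404",
                         "detail": "Resource 12345 not found"})
SAMPLE_400 = json.dumps({"schemas": [SCIM_ERROR_SCHEMA], "status": "400",
                         "scimType": "invalidValue", "detail": "Unknown id"})
SAMPLE_201 = json.dumps({"id": "12345", "userName": "constructed@example.com"})

if __name__ == "__main__":
    for code, text in ((404, SAMPLE_404), (400, SAMPLE_400), (201, SAMPLE_201)):
        print(code, classify_put_on_missing(code, text),
              rejects_without_creating(code, text))
```

A "created" verdict is the one to investigate in a provisioning integration, since it means a replace request for an unknown ID produced an account.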