Identity API for updating Omniauth/SAML/LDAP identity links
What
API allowing Identity records to be created/updated/deleted by admins.
In EE this should include creating Group SAML Identities with saml_provider_id, and should correctly create group managed accounts.
Why
This can be useful when migrating users to a new instance, or changing
Background
We use the Users API to migrate users to GitLab, but SSO enforcement requires users to have SAML to be added to the group. In https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/14045 we're adding the ability to create a Group SAML Identity at the same time as the user, since the logic already existed for other omniauth Identities.
Long term we might want an Identity API, and for this to also work with Group Managed Accounts