Okta Management API 2026.05.1: schema changes, scope removals, new tag

This version bump (2026.03.0 → 2026.05.1) includes several potentially breaking changes alongside additive ones:

• WorkflowsValidationError schema breaking change: The result property (a $ref to WorkflowsValidationErrorType enum) is removed and replaced with new required string fields code, flowName, message, and link. The WorkflowsValidationErrorType enum schema is also removed entirely. Any code deserializing this response shape will break.
• OAuth scopes removed: okta.authenticators.manage.self, okta.manifests.manage, okta.manifests.read, okta.operations.read, okta.privilegedResources.manage, okta.privilegedResources.read, okta.riskEvents.manage, okta.riskProviders.manage, okta.riskProviders.read, okta.users.manage.self, and okta.users.read.self are no longer listed in the security scheme scopes — clients requesting these scopes may receive errors.
• New OktaManagedUserAccount tag added (new API surface for managing Okta users via Okta Privileged Access) — purely additive.
• Documentation updates: Policy type SIGN_ON renamed to OKTA_SIGN_ON in docs; new SESSION_VIOLATION_DETECTION and IDENTITY_CLAIM_SOURCING policy types documented; WebAuthn rebrand to Passkey (FIDO2 WebAuthn) finalized with no parameter name changes.