Discover: set up principals (traits) fails when user is imported from Okta

[marcoandredinis]

When enrolling a new resource using the Discover wizard, one of the last steps is the Set Up Access.
This step asks the user to configure principals (os logins for SSH Access and db_user/name for Database Access). Those principals are added to the user's traits, which can then be used to access the protected resource.

When the user comes from an SSO, it doesn't have traits and so the step only tells the user how can they achieve the same goal (accessing the resource with a given principal) but using the SSO provider.

However, when the user comes from the Okta integration, we still try to update the user, and that fails with:

Expected behavior:
Explain what the user needs to do to add a given principal to their allowed principals.

Current behavior:
Error Must be Okta service to set "okta" origin is shown.

Bug details:

• Teleport version: 16.4.6
• Recreation steps
• Debug logs