I would like to understand why most IdPs only offer the SCIM service together with SSO (especially SAML).
For me, these are two different concepts
- SSO: logging in
- SCIM: user provisioning
I'm referring to user provisioning via SCIM via an API, not as part of the SAML payload.
The function of an IDP is to authenticate against a repository, not to provision it. So an IDP that only did SCIM would not be an IDP.
Some IDPs also offer SCIM as a separate function. This is outside of the authentication, e.g. Azure AD, Auth0, Okta.
Some IDPs do not offer SCIM, e.g. ADFS.
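To make the distinction in the question concrete, here is an added example (not code from anyone in this thread or from any named IdP) of the SCIM provisioning call the question refers to: a plain HTTP POST of a SCIM 2.0 User resource authenticated with a bearer token, with no SAML assertion or end-user login anywhere in the exchange. The endpoint, token and `fake_scim_server` stand-in are constructed so the code runs offline; the 409 handling covers the common case of a user that was already provisioned.

```python
import json
from typing import Callable, Dict, Tuple

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
# A transport takes (method, url, headers, body) and returns (status, response_body).
Transport = Callable[[str, str, Dict[str, str], str], Tuple[int, str]]

def build_scim_user(user_name: str, given: str, family: str, email: str) -> dict:
    """Minimal SCIM 2.0 User resource (RFC 7643 core schema); no password, no assertion."""
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given, "familyName": family},
        "emails": [{"value": email, "primary": True}],
        "active": True,
    }

def provision_user(base_url: str, token: str, user: dict, transport: Transport) -> dict:
    """POST /Users with a bearer token. This is the provisioning call the question
    refers to: it runs as its own API call, independent of any SAML login flow."""
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/scim+json",
        "Accept": "application/scim+json",
    }
    status, body = transport("POST", f"{base_url}/Users", headers, json.dumps(user))
    if status == 201:
        return {"status": "created", "id": json.loads(body)["id"]}
    if status == 409:  # RFC 7644 uniqueness conflict: userName already provisioned
        return {"status": "exists", "id": None}
    raise RuntimeError(f"SCIM provisioning failed: HTTP {status} {body[:200]}")

def fake_scim_server() -> Transport:
    """Constructed in-memory stand-in for a SCIM endpoint so the example runs offline."""
    store: Dict[str, dict] = {}

    def transport(method: str, url: str, headers: Dict[str, str], body: str) -> Tuple[int, str]:
        if not headers.get("Authorization", "").startswith("Bearer "):
            return 401, '{"detail":"missing bearer token"}'
        if method != "POST" or not url.endswith("/Users"):
            return 404, "{}"
        user = json.loads(body)
        if user["userName"] in store:
            return 409, '{"scimType":"uniqueness","status":"409"}'
        user["id"] = f"user-{len(store) + 1}"
        store[user["userName"]] = user
        return 201, json.dumps(user)

    return transport
```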