SCIM profile and SAML 2.0 implementation
Both SCIM and SAML are important considerations for configuring AWS SSO.
SAML 2.0 implementation
AWS SSO supports identity federation with SAML (Security Assertion Markup
Language)
AWS SSO adds SAML IdP capabilities to your AWS SSO store, AWS Managed Microsoft AD, or to an external identity provider. Users can then SSO into services that support SAML, including the AWS Management Console and third-party applications such as Microsoft 365, Concur, and Salesforce.
The SAML protocol however does not provide a way to query the IdP to learn about users and groups. Therefore, you must make AWS SSO aware of those users and groups by provisioning them into AWS SSO.
SCIM profile
AWS SSO provides support for the System for Cross-domain Identity Management (SCIM) v2.0 standard. SCIM keeps your AWS SSO identities in sync with identities from your IdP. This includes any provisioning, updates, and deprovisioning of users between your IdP and AWS SSO.
For more information about how to implement SCIM, see Automatic provisioning. For additional details about AWS SSO’s SCIM implementation, see the AWS SSO SCIM Implementation Developer Guide.