So SCIM is still the primary api for user & group creation on the IAM Identity Center side of ssosync.
In versions v2.0.x, groups are currently created using the IdentityStore api, this will be addressed in an upcoming release. The intention of using the IdentityStore api, is to improve performance for comparing the content of the IdentityStore.
We want to retain creations via the SCIM api, so Manual user and groups, are easily identifiable. AWS Control Tower for one creates users and groups via the IdentityStore api and some user of ssosync want to retain these even though they can't authenticate as these users whilst SAML is enabled.
So SCIM is still the primary api for user & group creation on the IAM Identity Center side of ssosync.
In versions v2.0.x, groups are currently created using the IdentityStore api, this will be addressed in an upcoming release. The intention of using the IdentityStore api, is to improve performance for comparing the content of the IdentityStore.
We want to retain creations via the SCIM api, so Manual user and groups, are easily identifiable. AWS Control Tower for one creates users and groups via the IdentityStore api and some user of ssosync want to retain these even though they can't authenticate as these users whilst SAML is enabled.