Okta Classic Engine | Integrations | Answered | 2024-05-08T16:43:40.000Z | 2024-05-07T18:23:50.000Z | 2024-05-08T16:43:40.000Z

User1666097899083229944 (Click Armor) asked a question.

SCIM implementation via OIDC

We are a SaaS platform developer and have some Okta SSO functionality working for a growing number of clients. We want to build on that, but the Okta documentation seems to provide conflicting guidance.

We offer an educational SaaS platform (focused on cybersecurity awareness training) with some third-party integrations for single sign-on and account provisioning, using OIDC. We now have Okta SSO working well, including just-in-time provisioning.

However, one of our customers has asked how he can deactivate accounts on our platform from his Okta panel. Since we had already implemented SCIM on Active Directory and can easily deactivate accounts, we thought it would be a reasonably straightforward implementation to get similar SCIM functionality running for our Okta integration.

We were surprised to learn the following this week:

“Adding SCIM provisioning to an OpenID Connect (OIDC) integration is not currently supported.”

from Add SCIM provisioning to app integrations (https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_scim.htm)

This is unexpected. We have used Okta documentation through many steps of the process. At no point were we made aware that SCIM on OIDC would be a problem.

Can someone please explain which is right? Does Okta support SCIM for OIDC or not? If not, why don't the other documentation pieces state this limitation more clearly?

If it is not supported, what other options are available to us? Are we now expected to rewrite our OIDC integration in SAML to support the SCIM use case our client has?


This question is closed.
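
Added example, not part of the original post and not code from the poster or from Okta: a sketch of the service-side handling of a SCIM 2.0 deactivation request (an RFC 7644 PatchOp that sets `active` to false) next to OIDC just-in-time provisioning, so that a deactivated account loses its sessions and is not re-enabled by the next JIT login. `UserStore`, `jit_login`, `handle_patch`, the shared user id and the sample payload are all constructed assumptions.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Constructed sample request body in RFC 7644 PatchOp form.
SAMPLE_DEACTIVATE = {"schemas": [PATCH_SCHEMA],
                     "Operations": [{"op": "replace", "value": {"active": False}}]}

# In-memory stand-in for the platform's account table (hypothetical).
class UserStore:
    def __init__(self):
        self.users = {}     # user id -> {"userName": str, "active": bool}
        self.sessions = {}  # user id -> set of live session tokens

    def jit_login(self, user_id, user_name, session):
        """OIDC login with just-in-time provisioning; True if login is allowed."""
        user = self.users.setdefault(user_id, {"userName": user_name, "active": True})
        if not user["active"]:
            return False  # deactivated by SCIM: JIT must not re-enable the account
        self.sessions.setdefault(user_id, set()).add(session)
        return True

def extract_active(patch_body):
    """Return the 'active' value a PatchOp asks for, or None if it sets none."""
    if PATCH_SCHEMA not in patch_body.get("schemas", []):
        raise ValueError("not a SCIM PatchOp")
    result = None
    for op in patch_body.get("Operations", []):
        if str(op.get("op", "")).lower() != "replace":
            continue
        value = op.get("value")
        if op.get("path") == "active":
            result = value
        elif "path" not in op and isinstance(value, dict) and "active" in value:
            result = value["active"]
    if result is not None and not isinstance(result, bool):
        raise ValueError("active must be a boolean")
    return result

def handle_patch(store, user_id, patch_body):
    """Apply PATCH /Users/{id}; returns an HTTP-style status code."""
    user = store.users.get(user_id)
    if user is None:
        return 404
    try:
        active = extract_active(patch_body)
    except ValueError:
        return 400
    if active is not None:
        user["active"] = active
        if not active:
            store.sessions.pop(user_id, None)  # revoke sessions on deactivation
    return 200
```

The check in `jit_login` is the part that matters when SSO and provisioning arrive over separate channels: without it, an account deactivated through SCIM would be usable again as soon as the identity provider issues another valid OIDC token for that user.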