Problem
Enterprises often split authority across IdP, HR, LDAP, FreeIPA, application roles, and Linux runtime behavior. Undocumented sync chains create ambiguity and increase blast radius.
FreeSCIM control
- Define source-of-truth fields for users and groups.
- Preview lifecycle changes before execution.
- Record decisions, approvals, request IDs, and rollback candidates.
- Expose reconciliation drift as an operational artifact.
Evidence artifact
Authority matrix, dry-run diff, SCIM transaction log, directory validation result, and rollback plan.