Administrate our admin-users as self service and IDP integration

As an IT administrator, I want to replace the current Support-based access request process with enterprise identity integrations (OIDC for SSO and SCIM 2.0 for provisioning), so that users can access the App Catalog with Single Sign-On (SSO) and their accounts (and optionally groups) are provisioned and deprovisioned automatically.

Requirements

• Current state: Access to the App Catalog must be requested via Support.
  Goal: Remove this manual step and enable self-service via IdP assignment.

• OIDC (OpenID Connect) integration for authentication (SSO).

  • Support redirect-based login via the IdP.

  • Map user attributes (e.g., name, email, roles) from IdP claims.

• SCIM 2.0 support for provisioning.

  • Automatic user creation, updates, and deactivation driven by the IdP.

  • Optional: group provisioning and membership synchronization.