SCIM assumes the default org when inserting a new user. What this means is SCIM can only assign members into the first organization, then it manages the user from a site-wide perspective.

A simple solution to push this down the road is to add a new config option such as SCIM_ORGANIZATION which allows specifying the organization to insert SCIM users when they first appear. We can use the keyword default to designate the default organization.

A simple solution is to just drop SCIM adding users into any org. It just creates a user on the site with 0 orgs. Let OIDC organization sync handle org associations.

In the future, we might want SCIM to take action within an organization, such as removing a member. At present, we can rely on group sync to do this?