SAML

When one user needs access to multiple apps, you can implement single sign-on (SSO) using the SAML protocol. The user signs on to one platform and gets access to multiple services instead of signing on to each platform separately. This is possible because a trusted broker, such as an identity provider, uses SAML to verify users once they’ve logged in. Once verified, the user can access any other services located on the same “property”. With SAML, you can also whitelist users for specific applications within the organization, so a verified user does not necessarily have access to everything: they first need to be whitelisted. One disadvantage of SAML is that it relies on login events to exchange information.

What is the difference between SAML and SCIM?
In short, SAML is focused on authentication and SCIM is focused on user provisioning. SCIM is a standard for automating user provisioning: it manages user identities across multiple systems and domains, ensuring that user data is consistent across different platforms. SCIM enables service providers to automatically retrieve and manage user identity data from an identity provider, which reduces the manual effort needed to manage user identities across different systems. SCIM uses RESTful APIs (Application Programming Interfaces) to transfer user data between systems.
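The following added example (not code from this page or from any vendor) contrasts the two update paths on the service provider side: with SAML alone the account store changes only when a login event delivers an assertion, while SCIM lets the identity provider push a deactivation over REST at any time. The names `ServiceProvider`, `on_saml_login`, `scim` and `scim_deactivate` are hypothetical and the payloads are constructed; the schema URNs are the ones defined in RFC 7643 and RFC 7644.

```python
# Added example: toy service provider (SP) account store; payloads are constructed.
import uuid
SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"        # RFC 7643
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"    # RFC 7644

class ServiceProvider:
    def __init__(self):
        self.users = {}  # id -> {"userName": str, "active": bool}

    def _find(self, user_name):
        return next((i for i, u in self.users.items() if u["userName"] == user_name), None)

    def on_saml_login(self, name_id):
        """SAML path: the SP hears about a user only when an assertion arrives."""
        uid = self._find(name_id)
        if uid is None:  # just-in-time account creation at first login
            uid = str(uuid.uuid4())
            self.users[uid] = {"userName": name_id, "active": True}
        if not self.users[uid]["active"]:
            raise PermissionError("account deactivated")
        return uid

    def scim(self, method, path, body):
        """SCIM path: the IdP calls the SP's REST API whenever identity data changes."""
        if method == "POST" and path == "/Users":
            if SCIM_USER not in body.get("schemas", []):
                return 400, {"detail": "missing core User schema"}
            if self._find(body["userName"]) is not None:
                return 409, {"detail": "userName already exists"}
            uid = str(uuid.uuid4())
            self.users[uid] = {"userName": body["userName"], "active": body.get("active", True)}
            return 201, {"id": uid, **self.users[uid]}
        if method == "PATCH" and path.startswith("/Users/"):
            uid = path.rsplit("/", 1)[1]
            if uid not in self.users:
                return 404, {"detail": "no such user"}
            if SCIM_PATCH not in body.get("schemas", []):
                return 400, {"detail": "missing PatchOp schema"}
            for op in body.get("Operations", []):
                if op.get("op", "").lower() == "replace" and op.get("path") == "active":
                    # Fail closed: anything other than boolean true deactivates.
                    self.users[uid]["active"] = op.get("value") is True
            return 200, {"id": uid, **self.users[uid]}
        return 405, {"detail": "unsupported in this sketch"}

def scim_deactivate(sp, uid):
    """The request an IdP would send on offboarding (constructed payload)."""
    return sp.scim("PATCH", f"/Users/{uid}", {"schemas": [SCIM_PATCH],
        "Operations": [{"op": "replace", "path": "active", "value": False}]})
```

Until `scim_deactivate` is called, an account created at first SAML login stays active in the SP's store even if the user has been offboarded at the identity provider, because no login event has occurred to carry that change.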

About Opal Security

Opal is the unified identity platform for modern enterprises. Opal aggregates identity and access data to provide visibility and defense-in-depth infrastructure for mission-critical systems. With the product, enterprises can discover anomalous identity risks and remediate them in minutes. The world's best companies trust Opal to govern and adapt sensitive access.